Microsoft Azure Configuration — Active Directory/O365 Accounts

Introduction

Follow this procedure to create and configure your Active Directory and Office 365 (O365) account settings in Microsoft Azure and CloudCheckr. The O365 account type allows you to import O365 data into CloudCheckr.


Procedure

  1. Log in to the Azure portal.
  2. The Microsoft Azure Dashboard opens.

  3. On the left navbar, click Azure Active Directory.
  4. The Azure Active Directory blade opens.

  5. In the Manage section of the Active Directory blade, click Properties.
  6. The Properties blade displays.

  7. Click the icon to the right of the Directory ID text field to copy the ID.
  8. Launch the CloudCheckr application.
  9. The Main page of the application displays.

  10. From the right side of the screen, click NEW ACCOUNT.
  11. The New Account screen displays.

  12. In the first text field, type a name for the account.
  13. In the Cloud Provider section, select Microsoft Azure from the drop-down list.
  14. Click Create.
  15. The Configure Account page opens.

  16. From the drop-down menu, select Collect Information from my Azure Active Directory.
  17. The page now displays the configuration steps for Azure Active Directory.

  18. In step 2 on the Configure Account page, paste the Directory ID that you copied earlier in this procedure.
  19. Return to the Azure portal.
  20. In the Manage section of the Azure Active Directory blade, click App registrations.
  21. The App registrations blade opens.

  22. Click + New application registration.
  23. The Create blade opens.

  24. Return to the Configure Account page in the CloudCheckr application.
  25. Copy the values from step 4 in the Configure Account page in CloudCheckr onto your desktop.

  26. Return to the Azure portal.
  27. In the Create blade:
    • paste the Name and Sign-on URL values into the corresponding text fields.
    • select Web app/API from the Application type drop-down menu to correspond to the value in CloudCheckr.
    • click Create.

    The Registered app blade opens and displays the details of the new application.


  28. Click the icon to the right of the Application ID text field to copy the ID.

  29. Return to the Azure portal.
  30. From the Registered app blade, click Settings and select Keys.
  31. The Keys blade opens.

  32. In the Description text field, type a description for the key.
  33. From the Expires drop-down menu, select a duration.
  34. Click Save.
  35. A key value is generated automatically.

    Note: You can only view this key once, so copy this information immediately.

  36. Copy the key value from the Keys blade.
  37. Return to the Configure Account page in the CloudCheckr application.
  38. Paste the key value into the text field in Step 8 on the Configure Account page.
  39. Return to the Azure portal.
  40. From the Settings blade, select Required Permissions.
  41. The Required permissions blade opens.

  42. Click + Add.
  43. The Add API access blade opens.

  44. Click 1 Select an API.
  45. The Select an API blade opens.

  46. Select Microsoft Graph from the list.

  47. At the bottom of the Select an API blade, click Select.

    The Enable Access blade opens.

  48. Select Read Directory Data and Read All Usage Reports from the list and click Select.

  49. In the Required Permissions blade, click Grant Permissions.
  50. A prompt asks you to confirm your selection.


  51. Click Yes to grant the required permissions.
  52. At the bottom of the Add API access blade, click Done to add the permissions to the Microsoft Graph API.
  53. Return to the CloudCheckr application.
  54. In step 11 on the Configure Account page, select the account type associated with this account: Commercial, Government, or Azure Germany.
  55. Click Update.

Note: To verify that the appropriate permissions are set, follow these steps:

  1. From the Azure Active Directory blade, select App registrations.
  2. A list of the registered applications displays.

  3. Select your application from the list.
  4. The Registered app blade opens.

  5. Under Managed application in local directory, click your application name.
  6. From the Enterprise Application blade, select Permissions.

    A list of your application’s permissions will display.

  7. Verify that the two permissions for the Microsoft Graph API are listed.
  8. If the permissions are not listed, repeat the procedure and make sure that you click Done in step 37 to add these permissions.
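
The same check can be scripted against the application manifest. The following is an added example, not CloudCheckr or Microsoft code: it reads the manifest's requiredResourceAccess list, confirms that both Microsoft Graph permissions are requested, and reports anything requested beyond them. It assumes that "Read Directory Data" and "Read All Usage Reports" correspond to the Graph permissions Directory.Read.All and Reports.Read.All; the permission IDs come from the Microsoft Graph permissions reference, not from this page, and the sample manifest is constructed.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph

# Assumption: Graph names/IDs for the two permissions this page selects.
# Each set holds the application ("Role") and delegated ("Scope") ID.
EXPECTED = {
    "Directory.Read.All": {"7ab1d382-f21e-4acd-a863-ba3e13f7da61",
                           "06da0dbc-49e2-44d2-8312-53f166ab848a"},
    "Reports.Read.All": {"230c1aed-a721-4c5d-9cb4-a90514e508ef",
                         "02e97553-ed7b-43d0-ab3c-f8bace0d040c"},
}

def audit_manifest(manifest_json):
    """Return (missing, extra): expected permissions not requested, and
    (resourceAppId, permissionId) pairs requested beyond the expected two."""
    manifest = json.loads(manifest_json)
    missing = set(EXPECTED)
    extra = []
    for resource in manifest.get("requiredResourceAccess", []):
        app_id = resource.get("resourceAppId")
        for access in resource.get("resourceAccess", []):
            perm_id = access.get("id", "").lower()
            name = None
            if app_id == GRAPH_APP_ID:
                name = next((n for n, ids in EXPECTED.items()
                             if perm_id in ids), None)
            if name:
                missing.discard(name)
            else:
                extra.append((app_id, perm_id))
    return sorted(missing), extra

# Constructed sample: one expected permission plus one unexpected entry
# (the all-1s GUID is a placeholder, not a real permission ID).
SAMPLE_MANIFEST = json.dumps({"requiredResourceAccess": [{
    "resourceAppId": GRAPH_APP_ID,
    "resourceAccess": [
        {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"},
    ]}]})

if __name__ == "__main__":
    missing, extra = audit_manifest(SAMPLE_MANIFEST)
    print("missing:", missing)
    print("extra:", extra)
```

The manifest lists the permissions the application requests; whether they were granted in the Grant Permissions step still has to be confirmed on the Permissions blade described above.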