Microsoft Azure Configuration — Active Directory / Subscriptions

PART 1 — Preparing your Azure account for Asset reporting with CloudCheckr

You will make your Azure Configuration changes within the “new” Azure portal. You can use the two following links, depending on your account type:

Step 1

Log on to the Azure management portal (refer to links above).

Step 2

Using the drop-down in the right, select the Directory that contains the subscription we will scan.

01-choose-directory

Step 3

Open the Azure Active Directory management panel.

Select “Properties”.

Find the “Directory ID” and save its value (e.g. to a text file). Note: You will need this value later.

Step 4

Select “App Registrations” and add a new App registration.

03-azure-appregistrations-scr

Ensure a useful name (e.g. CloudCheckr Service), select application type “Web App / API” and enter “https://localhost” for the sign-on URL.

04-azure-newappregistrations-ok

Create the new App Registration. When you are back on the App Registration screen, find the “Application ID” and save its value. Note: You will need this value later.

Step 5

Once created, select the new registration and then select the “Keys” menu item.

Enter a name, select a duration and then click the “Save” button. A new key will be created – save the value of the key now – you cannot view it again later. Note: You will need this value later.

At the end of this step, you should have three values: Directory ID, Application ID and the secret key.

Step 6

Open the Subscription management panel.

06-azure-subscriptions-scr

Select the subscription that CloudCheckr will monitor. Find the subscription ID and saves its value. Note: You will need this value later.

Next, we must allow the new CloudCheckr app registration to read the subscription.

Step 7

With the subscription selected from the subscription management panel, select “Access Control (IAM)”.

Click “Add” to add the new service account.

Select the “Reader” role and then add the new service account as the user (the account may not appear in the list; search for it).

Save the change.

The CloudCheckr service account should now be on the list with reader access.

PART 2 — Configuring CloudCheckr with your newly created Azure credentials

Step 8

Take the following recorded items from the steps above:

  • Directory ID
  • Application ID
  • Subscription ID
  • Secret Key (from Step 5 – ‘Keys’)

Next, login to your CloudCheckr account at https://app.cloudcheckr.com.

Once logged in, click the “+ New Account” button.

Give your account a name. In the Cloud Provider dropdown, select Windows Azure. Click Create to add the new account.

azure_config2

On the Configure Account screen, select “Collect resource information from my Azure subscription” from the drop down menu.

Note: For reference, the Azure Credential Configuration screen is located under ‘Account Settings’.

10-cc-azure-cred-screen

Step 9

Add the required fields as detailed in the list and image below:

azure-subscription-configuration

  • Directory ID
  • Application ID
  • Subscription ID
  • Secret Key (from Step 5 – ‘Keys’)

Also, be sure to select the Azure Account Type: Commercial or Government.

Note: If you have an Azure Offer ID, check the box in Step 15. Once checked, enter your Azure Offer ID to use for cost calculations. For a list of valid offer ID’s, you can visit: https://azure.microsoft.com/en-us/support/legal/offer-details/.

Enter those values and click Update.

That’s it!  At this point CloudCheckr will begin connecting to your Windows Azure account and populating your Asset reports.