Configure an Active Directory or O365 Account

To enable CloudCheckr to report on your resource and service usage data from your Azure Active Directory or your O365 account, you need to establish a connection between CloudCheckr and Azure so that they can exchange data. To configure your Active Directory account or O365 account, you will need to complete these steps:

  • In Azure, you will obtain several key values, create a new app, and grant permissions to the app.
  • In CloudCheckr, you will create an Azure account and configure that account to collect your Azure Active Directory or O365 account data.
  • In Azure, verify that the required permissions are set.


Configuration

  1. Login to the  Azure portal.

    The Microsoft Azure Dashboard opens.

  2. On the left navbar, click Azure Active Directory.

    The Azure Active Directory blade opens.

  3. In the Manage section of the Active Directory blade, click Properties.

    The Properties blade displays.

  4. Click the icon to the right of the Directory ID text field and copy the ID.

  5. Launch the CloudCheckr application.

    The Main page of the application displays.

  6. From the right side of the screen, click NEW ACCOUNT.

    The New Account screen displays.

  7. In the first text field, type a name for the account.
  8. In the Cloud Provider section, select Microsoft Azure from the drop-down list.
  9. Click Create.

    The Configure Account page opens.

  10. From the drop-down menu, select Collect Information from my Azure Active Directory.

    The page now displays the configuration steps for Azure Active Directory.

  11. On the Configure Account page, paste the Directory ID that you copied earlier from Azure.
  12. Return to the Azure portal.
  13. In the Manage section of the Azure Active Directory blade, click App registrations.

    The App registrations blade opens.

  14. Click + New application registration.

    The Create blade opens.

  15. Return to the Configure Account page in the CloudCheckr application.
  16. Copy the application name and sign-on URL from the Configure Account page in CloudCheckr.
  17. Return to the Azure portal.
  18. In the Create blade:
    1. Paste the Name and Sign-on URL values into the corresponding text fields.
    2. Select Web app/API from the Application type drop-down menu.
    3. Click Create.

      The Registered app blade opens and displays the details of the new application.

  19. Click the icon to the right of the Application ID text field and copy the ID.

  20. Return to the Azure portal.
  21. From the Registered app blade, click Settings.

    The Settings blade opens.

  22. From the API access section, select Keys.

    The Keys blade opens.

  23. In the Description text field, type a description for the key.
  24. From the Expires drop-down menu, select a duration.
  25. Click Save.

    Azure generates a key value automatically.

  26. Copy the key value from the Keys blade.
  27. Return to the Configure Account page in the CloudCheckr application.
  28. Paste the key value into the text field in Step 8 on the Configure Account page.
  29. Return to the Azure portal.
  30. From the Settings blade, select Required Permissions.

    The Required permissions blade opens.

  31. Click + Add.

    The Add API access blade opens.

  32. Click 1 Select an API.

    The Select an API blade opens.

  33. Select Microsoft Graph from the list.

  34. At the bottom of the Select an API blade, click Select.

    The Enable Access blade opens.

  35. Select Read Directory Data and Read All Usage Reports from the list and click Select.
  36. In the Required Permissions blade, click Grant Permissions.

    A prompt asks you to confirm your selection.

  37. Click Yes to grant the required permissions.
  38. At the bottom of the Add API access blade, click Done to add the permissions to the Microsoft Graph API.
  39. Return to the CloudCheckr application.
  40. On the Configure Account page, select the account type: Commercial, Government, or Azure Germany.
  41. Click Update.


Verification

To verify that the appropriate permissions are set, follow these steps:

  1. From the Azure Active Directory blade, select App registrations.

    A list of the registered applications display.

  2. Select your application from the list.

    The Registered app blade opens.

  3. Under Managed application in local directory, click your application name.

  4. From the Enterprise Application blade, select Permissions.

    A list of your application's permissions will display.

  5. Verify that the two permissions for the Microsoft Graph API are listed.

    If the permissions are not listed, repeat the previous Configuration procedure and make sure that you click Done in step 38 to ensure that the permissions are added.


How did we do?