Configure an Active Directory or O365 Account [New]

On May 1, 2019, Azure rolled out changes to App registrations. Please follow the instructions in this topic if you are using the new App registrations. To review a list of what has changed, see the training guide.
To allow CloudCheckr to access the resources associated with your Azure subscription, you must create a connection between Azure and CloudCheckr.

Azure Active Directory is Microsoft's cloud-based identity and access management service that allows users to sign in and access resources in Microsoft Office 365, the Azure portal, and other Software-as-a-Service (SaaS) products. To configure your Active Directory account or O365 account, you will need to complete these steps:

  • In Azure, you will obtain some key values, create a new app, grant permissions to the app, and verify your permissions.
  • In CloudCheckr, you will create an Azure account and configure that account to collect your Azure Active Directory or O365 account data.


Configuration

  1. Log in to the Azure portal.

    The Microsoft Azure Dashboard opens.

  2. On the left navbar, click Azure Active Directory.

    The Azure Active Directory blade opens.
  3. In the Manage section of the Active Directory blade, click Properties.

    The Properties blade displays.

  4. Click the icon to the right of the Directory ID text field and copy the ID.

  5. Launch the CloudCheckr application.

    The Main page of the application displays.

  6. From the right side of the screen, click NEW ACCOUNT.

    The New Account screen displays.

  7. In the first text field, type a name for the account.
  8. In the Cloud Provider section, select Microsoft Azure from the drop-down list.
  9. Click Create.

    The Configure Account page opens.

  10. From the drop-down menu, select Collect Information from my Azure Active Directory.

    The page now displays the configuration steps for Azure Active Directory.

  11. On the Configure Account page, paste the Directory ID that you copied earlier from Azure.
  12. Return to the Azure portal.
  13. In the Manage section of the Azure Active Directory blade, click App registrations.

    The App registrations blade opens.

  14. Click + New registration.

    The Register an application blade opens.

  15. Return to the Configure Account page in the CloudCheckr application.
  16. Copy the application name and sign-on URL.
  17. Return to the Azure portal.
  18. Create your application:
    1. Type a name for your application.
    2. Under Supported account types, leave the default setting: accounts in this organizational directory only.
    3. Under Redirect URI (optional), leave the default drop-down option, Web, and in the blank text field, type https://localhost
    4. Click Register.

      Details about your new app display on the right side of the screen.

  19. Copy the Application ID.

  20. In the Manage section of the application blade, click Certificates & secrets.

    The Certificates & secrets blade opens.
  21. Under Client secrets, click New client secret.

    The Add a client blade now displays.

  22. Type a name for the client secret, select when you want it to expire, and click Add.

    Azure creates a new client secret.

  23. Copy the value of the client secret and save it immediately since you will not be able to view it again.

    You will now have three values: Directory ID, Application ID, and the client secret.

  24. Return to the Configure Account page in the CloudCheckr application.
  25. Paste the key value into the corresponding text field.
  26. Return to the Azure portal.
  27. Click the name of your application from the list.
  28. From the Manage section of the application blade, select API Permissions.

    The API permissions blade opens.
  29. Click + Add a permission.

    The Select an API blade opens.
  30. Select Microsoft Graph from the list.

    Details about the type of permissions display.

  31. Select delegated permissions.

    The Select permissions section displays.
  32. Add the permissions:
    1. Type Read Directory Data and select that permission from the list.
    2. Type Read All Usage Reports and select that permission from the list.
    3. Click Add permissions.

      A pop-up message indicates that Azure updated your permissions successfully.

  33. Scroll down to the Grant consent section and click Grant admin consent for CloudCheckr Azure Subscription.

    A prompt asks you to confirm your selection.

  34. Click Yes to grant the required permissions.

    A pop-up message indicates that Azure has granted your permissions.

  35. Return to the CloudCheckr application.
  36. On the Configure Account page, select the account type: Commercial, Government, or Azure Germany.
  37. Click Update.


Verification

To verify that the appropriate Azure permissions are set, follow these steps.

  1. Return to the Azure portal.
  2. On the left navbar, click Azure Active Directory.
  3. In the Manage section of the Azure Active Directory blade, click App registrations.

    A list of the registered applications displays.

  4. Click the name of your application.

    Details about your app display on the right side of the screen.

  5. Under Managed application in local directory, click your application name.

    The Enterprise Application blade opens.

  6. From the Security section of the Enterprise Application blade, select Permissions.

    A list of your application's permissions will display.
  7. Verify that the two permissions for the Microsoft Graph API are listed.

    If the permissions are not listed, repeat the previous Configuration procedure and make sure that you click Yes in step 34 to ensure that the permissions are added.
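
The same verification can be scripted against the Microsoft Graph oauth2PermissionGrants listing for the tenant. The Python below is an added example, not CloudCheckr or Microsoft code: it audits a constructed sample response offline, and it assumes that the two permissions named in step 32 correspond to the Graph scopes Directory.Read.All and Reports.Read.All. All object IDs are constructed placeholders. Besides missing permissions, it reports scopes granted beyond the two required and required scopes that only a single user has consented to.

```python
import json

# Graph scope names assumed for the page's "Read Directory Data" and
# "Read All Usage Reports" delegated permissions.
REQUIRED_SCOPES = {"Directory.Read.All", "Reports.Read.All"}

# Constructed placeholders: object IDs of the app's service principal and of
# the Microsoft Graph service principal in the tenant.
CLIENT_SP_ID = "11111111-aaaa-4000-8000-000000000001"
GRAPH_SP_ID = "22222222-bbbb-4000-8000-000000000002"

# Constructed sample shaped like a GET /v1.0/oauth2PermissionGrants response.
SAMPLE_RESPONSE = """
{"value": [
  {"clientId": "11111111-aaaa-4000-8000-000000000001",
   "resourceId": "22222222-bbbb-4000-8000-000000000002",
   "consentType": "AllPrincipals", "principalId": null,
   "scope": " Directory.Read.All User.Read"},
  {"clientId": "11111111-aaaa-4000-8000-000000000001",
   "resourceId": "22222222-bbbb-4000-8000-000000000002",
   "consentType": "Principal",
   "principalId": "33333333-cccc-4000-8000-000000000003",
   "scope": "Reports.Read.All"},
  {"clientId": "44444444-dddd-4000-8000-000000000004",
   "resourceId": "22222222-bbbb-4000-8000-000000000002",
   "consentType": "AllPrincipals", "principalId": null,
   "scope": "Directory.ReadWrite.All"}
]}
"""

def audit_grants(response_text, client_sp_id, graph_sp_id):
    """Compare the app's delegated Graph grants with the two the page requires."""
    admin_scopes, user_scopes = set(), set()
    for grant in json.loads(response_text)["value"]:
        if grant["clientId"] != client_sp_id or grant["resourceId"] != graph_sp_id:
            continue  # another app's grant, or a grant for another API
        scopes = set((grant.get("scope") or "").split())  # space-delimited, may be padded
        if grant["consentType"] == "AllPrincipals":
            admin_scopes |= scopes  # tenant-wide admin consent (step 33)
        else:
            user_scopes |= scopes   # "Principal": one user consented for themselves
    return {
        "missing": sorted(REQUIRED_SCOPES - admin_scopes),
        "extra": sorted(admin_scopes - REQUIRED_SCOPES),
        "user_only": sorted((user_scopes & REQUIRED_SCOPES) - admin_scopes),
    }

if __name__ == "__main__":
    print(audit_grants(SAMPLE_RESPONSE, CLIENT_SP_ID, GRAPH_SP_ID))
```

An empty "missing" list matches what step 7 checks in the portal; entries under "extra" are scopes the integration holds beyond the two this procedure calls for.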

