Assigning the Enrollment Reader Role for Enterprise Agreements

Microsoft has announced that beginning October 10, 2022, direct Enterprise Agreement customers will not be able to manage their billing account in the EA Portal. Instead, direct Enterprise Agreement customers must use the Azure Portal to manage their Enterprise Agreements.

In parallel with this, CloudCheckr has been advised that the API Access Key generated from the EA Portal will no longer be functional, which will cause data ingestion interruption.
Please contact your Azure Administrator to receive appropriate role access before credentialing your account.
Users must have the Enrollment Reader role to consent to CloudCheckr's service principal. 

To assign the Enrollment Reader role to a user:

  1. Log in to the Azure Portal.
  2. Access Cost Management + Billing within the left-hand menu and select your Enterprise Agreement from the list provided.
  3. Within the left-hand menu, select Access Control (IAM). Click the Add button located at the top and select Enterprise Administrator.
    Although you are selecting Enterprise Administrator, the role will be displayed as Enrollment Reader.
  4. The Add role assignment window will appear. Enter and confirm the email address of the consenting user and select the appropriate Auth type according to the account involved. 
  5. Check the Provide read-only access checkbox to enable the setting and click Add to finish role assignment setup. 
  6. You will be directed back to the Access Control (IAM) list of users. Click refresh to view the newly configured user. You may confirm that the user possesses read-only access to the enrollment.


How did we do?