Assigning the Enrollment Reader Role for Enterprise Agreements
Users must have the Enrollment Reader role to consent to CloudCheckr's service principal.
To assign the Enrollment Reader role to a user:
- Log in to the Azure Portal.
- Access Cost Management + Billing within the left-hand menu and select your Enterprise Agreement from the list provided.
- Within the left-hand menu, select Access Control (IAM). Click the Add button located at the top and select Enterprise Administrator.
Although you are selecting Enterprise Administrator, the role will be displayed as Enrollment Reader.
- The Add role assignment window will appear. Enter and confirm the email address of the consenting user and select the appropriate Auth type according to the account involved.
- Check the Provide read-only access checkbox to enable the setting and click Add to finish role assignment setup.
- You will be directed back to the Access Control (IAM) list of users. Click refresh to view the newly configured user. You may confirm that the user possesses read-only access to the enrollment.