Configure an Active Directory or O365 Account

To collect resource information on your Azure subscription or obtain inventory data on the services in Microsoft O365, follow this procedure.


Procedure

  1. Log in to the Azure management portal associated with your subscription type:
  2. From the left navbar, click Azure Active Directory.
  3. Select Properties from the list.
  4. Copy the Tenant ID.
  5. In the Manage section of the Azure Active Directory blade, click App registrations.
  6. Click + New registration.
  7. Create your application:
    1. Type a name for your application.
    2. Under Supported account types, leave the default setting: accounts in this organizational directory only
    3. Under Redirect URI (optional), leave the default drop-down option, Web, and in the blank text field, type https://localhost
    4. Click Register.
  8. Copy the Application ID.
  9. In the Manage section of the application blade, click Certificates & secrets.
  10. Under Client secrets, click + New client secret.
  11. Type a name for the client secret, select when you want it to expire, and click Add.
  12. Copy the client secret and save it immediately since you will not be able to view it again.
    1. Click the name of your application from the list.
    2. From the Manage section of the application blade, select API Permissions.
    3. Click + Add a permission.
    4. From the Select an API blade, select Microsoft Graph from the list.
    5. Select application permissions.
    6. Add the permissions:
      1. Type Read Directory Data and select that permission from the list.
      2. Type Read All Usage Reports and select that permission from the list.
      3. Click Add permissions.
    7. Scroll down to the Grant consent section and click Grant admin consent for CloudCheckr Azure Subscription.
    8. Click Yes to grant the required permissions.
    1. Launch CloudCheckr.
    2. From the Projects page, select an Azure partner.
    3. From the Accounts page, click NEW ACCOUNT.

      The New Account page opens.

    4. Type a unique name for your account.
    5. From the Cloud Provider section, select Microsoft Azure from the drop-down menu.
    6. In the Navigation Visibility section, select the checkboxes next to the sections or modules that you want to be visible in the Azure account.
    7. At the bottom of the page, click Create.

      The Configure Account page opens.

    1. From the Configure Account page, select Collect Information from my Azure Active Directory from the drop-down menu.
    2. Paste the Tenant ID into the field associated with the Directory ID.
    3. Paste the Application ID into the Application ID field.
    4. Paste the client secret into the field associated with the key value.

      This screen identifies the fields where you need to paste those values:

    5. From the Azure Account Type drop-down menu, select Commercial, Government, or Azure Germany.
    6. Click Update.
    1. Return to the Azure portal.
    2. On the left navbar, click Azure Active Directory.
    3. In the Manage section of the Azure Active Directory blade, click App registrations.

      A list of the registered applications display.

    4. Click the name of your application.

      Details about your app display on the right side of the screen.

    5. Under Managed application in local directory, click your application name.

      The Enterprise Application blade opens.

    6. From the Security section of the Enterprise Application blade, select Permissions.

      A list of your application's permissions will display.

    7. Verify that the two permissions for the Microsoft Graph API are listed.
      If you don't see the correct permissions, repeat Step 2: Add Permissions and make sure that you click Yes in step 8 to ensure that Azure adds those permissions.

    How did we do?