Configure a Subscription Account

To manage the resources of any type of subscription and gain access to CloudCheckr’s best practices, inventory, security, and utilization modules, follow this procedure.


  1. Log in to the Azure management portal associated with your subscription type:
  2. From the left navbar, click Azure Active Directory.

  3. Select Properties from the list.

  4. Copy the Tenant ID.
  5. In the Manage section of the Azure Active Directory blade, click App registrations.
  6. Click + New registration.
  7. Create your application:
    1. Type a name for your application.
    2. Under Supported account types, leave the default setting: accounts in this organizational directory only
    3. Under Redirect URI (optional), leave the default drop-down option, Web, and in the blank text field, type https://localhost
    4. Click Register.
  8. Copy the Application ID.
  9. In the Manage section of the application blade, click Certificates & secrets.
  10. Under Client secrets, click + New client secret.
  11. Type a name for the client secret, select when you want it to expire, and click Add.
  12. Copy the client secret and save it immediately since you will not be able to view it again.
  13. From the left navbar, click All Services.
  14. From the list, select Subscriptions.
  15. Click your subscription.
  16. Copy the Subscription ID.
    Rather than assign a role to a subscription, you can assign the role to a resource group or specific resource:
    • From the left navbar, click All Resources.
    • Select the resource that you want CloudCheckr to monitor.
    • Complete Step 2: Add a Role Assignment and the remaining steps in this topic.
  1. From the blade of the selected subscription, click Access control (IAM).
  2. Select Add > Add Role Assignment.
  3. Create a role assignment:
    1. From the Role drop-down list, select Reader.
    2. In the Assign access to drop-down list, leave the default option, Azure AD user, group, or service principal.
    3. In the Select text field, type the name of the application that you created.
    4. Click Save.
      You will not get complete data in the Storage Account Inventory reports if you have a Reader role. Review the Enable Permissions for Storage Accounts topic to learn how to add the role that will give you adequate permissions to collect complete data.
  1. Launch CloudCheckr.
  2. From the Projects page, select an Azure partner.
  3. From the Accounts page, click NEW ACCOUNT.

    The New Account page opens.

  4. Type a unique name for your account.
  5. From the Cloud Provider section, select Microsoft Azure from the drop-down menu.
  6. In the Navigation Visibility section, select the checkboxes next to the sections or modules that you want to be visible in the Azure account.
  7. At the bottom of the page, click Create.

    The Configure Account page opens.

  1. From the Configure Account page, click the drop-down arrow and select Collect resource information from my Azure subscription from the drop-down menu.
  2. Paste the Tenant ID into the field associated with the Directory ID.
  3. Paste the Application ID into the Application ID field.
  4. Paste the client secret into the field associated with the key value.
  5. Paste the Subscription ID into the Subscription ID field.

    This screen identifies the fields where you need to paste those values:

  6. From the Azure Account Type drop-down menu, select Commercial, Government, or Germany.
  7. Click Update.
    If you have a Pay-as-You-Go subscription, CloudCheckr will automatically display the Edit Billing Configuration: Pay-as-You-Go Subscriptions page, but the options will be pertinent to usage and data collection.

How did we do?