Microsoft Azure Configuration – Subscriptions

You will make your Azure Configuration changes within the new Azure portal. Depending on your account type, use one of the following two links:


Prepare Your Azure Account for Asset Reporting with CloudCheckr

  1. Log into the Azure management portal (refer to links above).
  2. Select the drectory that contains the subscription you want to scan.

  3. Open the Azure Active Directory management panel.
  4. Select Properties.
  5. Find the Directory ID and save it to a text file or other file type.

    You will need Directory ID value later, so please retain it in a safe location.

  6. Select App Registrations and add a new app registration.

  7. Type a name for the application. (For example: CloudCheckr Service).

  8. From the Application Type drop-down menu, select Web app /API .

  9. In the Sign-on URL text field, type https://localhost.

  10. Click Create to create the new app registration. When you are back on the App Registration screen, find the Application ID and save it to a text file or other file type.

    You will need the secret key value later, so please retain it in a safe location.
  11. Select the new registration and from the menu, select Keys.

  12. Type a name, select a duration, and click Save.

    Azure creates a new key.
  13. Save the new key immediately since you will not be able to view it again.

    You will need Application ID value later, so please retain it in a safe location.

    You will now have three values: Directory ID, Application ID, and the secret key.
  14. Open the Subscription management panel.
  15. Select the subscription that CloudCheckr will monitor. Find the subscription ID and save it to a text file or other file type.

    You will need the subscription ID value later, so please retain it in a safe location.

    Next, you will need to allow the new CloudCheckr app registration to read the subscription.
  16. With the subscription selected from the subscription management panel, select Access Control (IAM).

  17. Click Add to add the new service account.

  18. Select the Reader role and then add the new service account as the user. You may need to search for the account if it is not listed.

  19. Save the change.

    The CloudCheckr service account should now be on the list with reader access.

Configure CloudCheckr with Your Azure Credentials

  1. Locate the following items that you saved earlier:

    • Directory ID
    • Application ID
    • Subscription ID
    • Secret Key
  2. Log into your CloudCheckr account at https://app.cloudcheckr.com.

  3. Click New Account.

  4. Give your account a name.
  5. In the Cloud Provider dropdown, select Windows Azure.

  6. Click Create to add the new account.

  7. On the Configure Account screen, select Collect resource information from my Azure subscription.
    For reference, the Azure Credential Configuration screen is located under Account Settings.
  8. Add these required fields:
    • Directory ID
    • Application ID
    • Subscription ID
    • Secret Key

  9. Select the Azure Account Type: Commercial or Government.

    The screenshot shows the fields where you need to provide the required values from steps 8 and 9.

  10. Click Update.

    CloudCheckr will begin connecting to your Windows Azure account and populating your Asset reports.

How did we do?