Configure a CPV App for an Azure CSP Gov/Germany Account

This topic will show you how to configure a Control Panel Vendor (CPV) app for your Azure CSP Gov/Germany account.

To comply with Microsoft's new Cloud Solution Provider (CSP) security model, CloudCheckr has modified the way we interact with the Microsoft Partner Center API. CPV allows you to make calls to the API while providing added protection to your data and infrastructure from potential security risks.

Because of this new requirement, you must create a CPV app if you are using a CSP account to authenticate to CloudCheckr's self-hosted application.

CPV configuration only applies to CSP accounts and is not required for Enterprise Agreements, Subscription, and Active Directory accounts.

Prerequisites

Before you configure your CPV app, you must:

  • credential the Azure pricing job in your self-hosted application
  • complete step 1 in the Azure Active Directory: Single Sign-On Guide to configure a subdomain and certificate for your self-hosted application
  • verify that your self-hosted application can make calls to the Microsoft API

Create the CPV App

In the Azure portal, you will create a CPV app, which will contain the Partner Center API that CloudCheckr needs to collect your CSP billing data.

  1. Log in to the Azure portal.

    The Microsoft Azure Dashboard opens.

  2. From the left navbar, select Azure Active Directory.
  3. In the Manage section of the Azure Active Directory blade, click App registrations.

  4. Click the New registration button.
  5. Provide the following information in the Register an application dialog box:
    1. In the name field, type the name of the self-hosted product.
    2. Under Supported account types, select the Accounts in any organizational directory - Multitenant and personal Microsoft accounts radio button.
    3. Under the Redirect URI (optional) section, select Web and select the correct credential/authorization from the drop-down menu.

      For this example, we selected https://cloudcheckr.contoso.com/Credential/Authorization.

    4. Click Register.

  6. In the Manage section of the application blade, click Certificates & secrets.
  7. Under Client secrets, click New client secret.

    The Add a client blade now displays.

  8. Type a name for the client secret, select when you want it to expire, and click Add.

    Azure creates a new client secret.

  9. Copy the value of the client secret and save it immediately since you will not be able to view it again. You will need this during your CloudCheckr configuration.
    When your client secret expires, you must return to the Client secrets section to generate a new one and add it to CloudCheckr.
  10. In the Manage section of the application blade, click API permissions.
  11. Click Add a permission.
  12. Under Select an API, select the APIs my organization uses link.

  13. In the Search bar, type Microsoft Partner Center to search for the app that will expose the appropriate API.
  14. Select Microsoft Partner Center, click Delegated Permissions, and select the user_impersonation permission.

  15. In the Search bar, type Azure Active Directory Graph API.
  16. Select Azure Active Directory Graph API, click Delegated Permissions, and add the following permissions:

    • Under Directory, select Access the directory as the signed-in user and Read Directory Data permissions.
    • Under Group, select Read All Groups.
    • Under User, select Sign in and read user profile.
  17. Click Add Permissions.

    Your permissions are now visible.

  18. Return to the Application blade and click Overview to view the application details.
  19. Copy the application ID.
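
The following script is an added example, not CloudCheckr's or Microsoft's code: it reviews an exported copy of the app registration for the settings this procedure configures (account type, redirect URI, client secret expiry). It assumes the export follows the shape of a Microsoft Graph application object; the sample values, the function names, the 30-day warning window, and the redirect path check (taken from this page's example URI) are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of a Microsoft Graph "application" object.
# All values are placeholders, not taken from a real tenant.
SAMPLE_APP = {
    "appId": "00000000-0000-0000-0000-000000000000",
    "signInAudience": "AzureADandPersonalMicrosoftAccount",
    "web": {"redirectUris": ["https://cloudcheckr.contoso.com/Credential/Authorization"]},
    "passwordCredentials": [
        {"displayName": "cpv-secret", "endDateTime": "2030-01-15T00:00:00Z"}
    ],
}

EXPECTED_AUDIENCE = "AzureADandPersonalMicrosoftAccount"  # multitenant + personal accounts
REDIRECT_SUFFIX = "/Credential/Authorization"  # assumption: path from this page's example

def parse_utc(ts):
    """Parse a Z-terminated UTC timestamp, ignoring fractional seconds."""
    head = ts.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def review_app(app, now=None, warn_days=30):
    """Return a list of findings; an empty list means nothing to fix."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if app.get("signInAudience") != EXPECTED_AUDIENCE:
        findings.append("signInAudience is %r, expected %r"
                        % (app.get("signInAudience"), EXPECTED_AUDIENCE))
    uris = app.get("web", {}).get("redirectUris", [])
    if not uris:
        findings.append("no web redirect URI registered")
    for uri in uris:
        if not uri.lower().startswith("https://"):
            findings.append("redirect URI is not HTTPS: " + uri)
        if not uri.endswith(REDIRECT_SUFFIX):
            findings.append("unexpected redirect URI path: " + uri)
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret present")
    for cred in secrets:
        left = parse_utc(cred["endDateTime"]) - now
        name = cred.get("displayName") or "(unnamed)"
        if left <= timedelta(0):
            findings.append("client secret %s has expired" % name)
        elif left <= timedelta(days=warn_days):
            findings.append("client secret %s expires in %d days" % (name, left.days))
    return findings

if __name__ == "__main__":
    print("\n".join(review_app(SAMPLE_APP) or ["no findings"]))
```

Running the check on a schedule gives advance notice before the client secret expires, so the replacement can be generated and added to CloudCheckr first.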


Register the CPV Application

  1. Log in to the Microsoft Partner Center.

  2. From the left navbar, click CPV.

    The App registrations sub-menu displays.

  3. Next to Application registrations, click the Register an existing app menu and select the app that gives CloudCheckr permission to collect your CSP pricing data.
  4. From the Register application pop-up message, click Register app.


Configure the App in CloudCheckr

  1. Log in to the self-hosted version of CloudCheckr as a SysAdmin.

    Because you have not selected a partner yet, you will only see the Settings icon in the header bar.
  2. From the list, select SystemJobs.

    Now that you have selected a partner, more functions will be available to you in the header bar.

  3. From the header bar, click the Settings icon and choose System > Configuration. The Application-wide Configurations page opens.

  4. Scroll down to the Azure Gov & Germany CPV Credential section and paste the Application ID and secret key, which is the client secret from your CPV app.

  5. Click Save Settings.
