Configure an Active Directory or O365 Account [Legacy]

On May 1, 2019, Azure rolled out changes to App registrations that will replace the Legacy version of App registrations. If you are still using the Legacy version, please follow the instructions in this topic.
To enable CloudCheckr to report on your resource and service usage data, you need to establish a connection between CloudCheckr and Azure Active Directory.

Azure Active Directory is Microsoft's cloud-based identity and access management service that allows users to sign in to and access resources in Microsoft Office 365, the Azure portal, and other Software-as-a-Service (SaaS) products. To configure your Active Directory account or O365 account, you will need to complete these steps:

  • In Azure, you will obtain some key values, create a new app, grant permissions to the app, and verify your permissions.
  • In CloudCheckr, you will create an Azure account and configure that account to collect your Azure Active Directory or O365 account data.


Configuration

  1. Log in to the Azure portal.

    The Microsoft Azure Dashboard opens.

  2. On the left navbar, click Azure Active Directory.

    The Azure Active Directory blade opens.
  3. In the Manage section of the Active Directory blade, click Properties.

    The Properties blade displays.

  4. Click the icon to the right of the Directory ID text field and copy the ID.

  5. Launch the CloudCheckr application.

    The Main page of the application displays.

  6. From the right side of the screen, click NEW ACCOUNT.

    The New Account screen displays.

  7. In the first text field, type a name for the account.
  8. In the Cloud Provider section, select Microsoft Azure from the drop-down list.
  9. Click Create.

    The Configure Account page opens.

  10. From the drop-down menu, select Collect Information from my Azure Active Directory.

    The page now displays the configuration steps for Azure Active Directory.

  11. On the Configure Account page, paste the Directory ID that you copied earlier from Azure.
  12. Return to the Azure portal.
  13. In the Manage section of the Azure Active Directory blade, click App registrations (Legacy).

    The App registrations blade opens.

  14. Click + New application registration.

    The Create blade opens.
  15. Return to the Configure Account page in the CloudCheckr application.
  16. Copy the application name and sign-on URL.
  17. Return to the Azure portal.
  18. In the Create blade:
    1. Paste the Name and Sign-on URL values into the corresponding text fields.
    2. Select Web app/API from the Application type drop-down menu.
    3. Click Create.

      The Registered app blade opens and displays the details of the new application.

  19. Copy the Application ID.

  20. Click the Settings icon in the Registered app blade and select Keys.

  21. Type a name for the key, select when you want it to expire, and click Save.

    Azure creates a new secret key.

  22. Copy the key value from the Keys blade.

    You will now have three values: Directory ID, Application ID, and the secret key.

  23. Return to the Configure Account page in the CloudCheckr application.
  24. Paste the key value into the corresponding text field.
  25. Return to the Azure portal.
  26. From the Settings blade, select Required Permissions.

    The Required permissions blade opens.
  27. Click + Add.

    The Add API access blade opens.
  28. Click 1 Select an API.

    The Select an API blade opens.
  29. Select Microsoft Graph from the list.

  30. At the bottom of the Select an API blade, click Select.

    The Enable Access blade opens.

  31. Select Read Directory Data and Read All Usage Reports from the list and click Select.

  32. In the Required Permissions blade, click Grant Permissions.

    A prompt asks you to confirm your selection.

  33. Click Yes to grant the required permissions.

    A pop-up message indicates that Azure has granted your permissions.

  34. At the bottom of the Add API access blade, click Done to add the permissions to the Microsoft Graph API.

  35. Return to the CloudCheckr application.
  36. On the Configure Account page, select the account type: Commercial, Government, or Azure Germany.
  37. Click Update.


Verification

To verify that the appropriate Azure permissions are set, follow these steps.

  1. Return to the Azure portal.
  2. On the left navbar, click Azure Active Directory.
  3. In the Manage section of the Azure Active Directory blade, click App registrations (Legacy).

    A list of the registered applications displays.

  4. Select your application from the list.

    The Registered app blade opens.

  5. Click your application name.

    The Enterprise Application blade opens.

  6. From the Security section of the Enterprise Application blade, select Permissions.

    A list of your application's permissions will display.
  7. Verify that the two permissions for the Microsoft Graph API are listed.

    If the permissions are not listed, repeat the previous Configuration procedure and make sure that you click Done in step 34 to ensure that the permissions are added.
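
The check in step 7 can also be run against the application's manifest JSON, which lists the requested permissions under requiredResourceAccess. The following is an added example, not CloudCheckr or Microsoft code: it reports the expected permissions that are missing and anything requested beyond them. It assumes the portal labels Read Directory Data and Read All Usage Reports correspond to the Microsoft Graph application permissions Directory.Read.All and Reports.Read.All; the sample manifest is constructed.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource

# Assumption: the two portal labels map to these Graph application permissions.
EXPECTED = {
    "7ab1d382-f21e-4acd-a863-ba3e13f7da61": "Directory.Read.All",  # Read Directory Data
    "230c1aed-a721-4c5d-9cb4-a90514e508ef": "Reports.Read.All",    # Read All Usage Reports
}

def audit_manifest(manifest):
    """Compare requested permissions with the two this procedure grants.

    Returns (missing, unexpected): names of expected permissions that are
    absent, and (resourceAppId, id, type) tuples requested beyond them.
    """
    found, unexpected = set(), []
    for resource in manifest.get("requiredResourceAccess", []):
        app_id = resource.get("resourceAppId", "").lower()
        for access in resource.get("resourceAccess", []):
            perm_id = access.get("id", "").lower()
            kind = access.get("type")
            if app_id == GRAPH_APP_ID and kind == "Role" and perm_id in EXPECTED:
                found.add(perm_id)
            else:
                unexpected.append((app_id, perm_id, kind))
    missing = sorted(name for pid, name in EXPECTED.items() if pid not in found)
    return missing, unexpected

# Constructed sample manifest: one expected permission plus one extra scope.
SAMPLE = json.loads("""
{
  "appId": "11111111-1111-1111-1111-111111111111",
  "requiredResourceAccess": [
    {"resourceAppId": "00000003-0000-0000-c000-000000000000",
     "resourceAccess": [
       {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
       {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"}
     ]}
  ]
}
""")

if __name__ == "__main__":
    missing, unexpected = audit_manifest(SAMPLE)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

The manifest records what the application requests; whether the permissions were granted is still confirmed on the Permissions list in step 6.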

