Skip to content

Azure Client Authorization Configuration

The script market supports collecting cloud resources/cloud monitoring metrics through Azure application registration and reporting to Guance/TrueWatch. This article describes how to complete the collector authorization configuration.

Create an Application Registration in the Azure Portal

  1. In the Microsoft Entra ID page sidebar, find App registrations, and click New registration
  2. Enter the application name as required, set Supported account types to this organizational directory only, and click Register

register-application

Authorize the Application

  1. Find the subscription that needs to be monitored, click Access control (IAM), and select Add role assignment
  2. Under the Role tab, search for Monitoring Reader (English: Monitoring Reader) and select it role-assignment
  3. Under the Members tab, click Select members, search for the application name created above in the pop-up window, select it, and click Select role-to-member
  4. Click Review + assign to complete the authorization

Repeat this operation for other subscriptions that need to be monitored, or you can directly authorize the application in the management group (Management groups), so the application will automatically have permissions for all subscriptions under the management group

Create a Key for the Application

  1. In App registrations, find the application created above, click Mange > Certificates & secrets
  2. Select Client secret and click + New client secret, customize Description, fill in Expired as needed, and click Add create-application-secret
  3. Copy the value of the key (Azure Client Secret Value) and keep it for later use copy-application-secret

Script Market Collector Configuration

azure-smkt-configure

The parameters required for installing the Azure collector in the script market are as follows:

  • Azure Tenant ID: Tenant ID
  • Azure Client ID: Application registration Client ID
  • Azure Client Secret Value: Client password value (mentioned above that it needs to be copied and kept for later use)
  • Azure Subscriptions: Subscription ID, multiple subscriptions are separated by ,

The Azure Tenant ID and Azure Client ID can be found on the overview page of the application mentioned above: clientid-and-tenantid

In the Azure portal, directly search for Subscriptions, list all subscriptions, find the target subscription, and copy out the Subscription ID subscription-id

Appendix: