Integrate your Azure Account with CloudSpend

CloudSpend allows you to integrate your Azure account and manage your cloud bills. You can connect your Azure account with CloudSpend by following the steps below:

  1. Register an application in Microsoft Entra ID
  2. Provide programmatic access to CloudSpend for Exports or Consumption API
  3. Connect your Azure account
According to Microsoft Azure billing process, the usage charges can continue to accrue and can change until the fifth day of the month after your current billing period ends, as Azure completes processing all data. Therefore, it takes CloudSpend a maximum of five to seven days to reflect the same billing data for the billing period.

CloudSpend-Azure integration workflowCloudSpend-Azure integration architecture

Register an application in Microsoft Entra ID

Register an application in Microsoft Entra ID to provide CloudSpend programmatic access to your Azure account.

Follow the steps below to complete the application registration process.

  1. Log in to the Microsoft Azure portal and navigate to the Microsoft Entra ID section.
    Azure active directory
  2. Click New registration in the App Registrations tab.
    Azure new registration
  3. In the Register an application window, enter the following details:

    Field Description
    Name The unique name of the application.
    Example: CloudSpend Azure App
    Supported account types

    The account types supported by the application. Select Accounts in any organizational directory or Accounts in this
    organizational directory only.

    Redirect URI A valid web URI. This is an optional field.
    Example: https://localhost:8080
    register the application
  4. Click Register.
  5. After registering the application in the Azure portal, you will be redirected to the Essentials section with the application details. Copy the Application (client) ID and Directory (tenant) ID to save them for later use.
  6. Navigate to Manage > Certificates & secrets.
    azure certificates
  7. Click +New client secret in the Client secrets section.
    new client
  8. In the Add a client secret window, enter the following details:

    Field Description
    Description The client secret description.
    Expires The expiry date. Select Custom from the drop-down list.
    Start The start date.
    End The end date. Select the maximum end date.

    Add secret key
  9. Click Add.
  10. Copy the Value that appears under the New client secret section and save it for later use. Note that this value will disappear after a while, so copy and paste the value as soon as you save it.
    save key

Provide programmatic access to CloudSpend for Exports

After successfully registering an application in Microsoft Entra ID, you have to add the required roles to the registered application. You can add the Storage Blob Data Reader role to a registered application for the storage account after creating exports.

Create Exports

To create and configure exports, follow the steps below:

  1. Log in to the Microsoft Azure portal and navigate to the Cost exports section.
  2. Ensure that you're on the Billing account billing scope.
  3. Click Create.
    Creating Exports
  4. Select Create your own export.
    Select your Own Export
  5. In the Add export section, enter the following details:
    • Type of data: Select Cost and usage details (actual).
    • Export name: Enter an export name. Note down the export name for configuration in CloudSpend.
    • Dataset version: Select the latest dataset version.
    • Frequency: Select Daily export of month-to-date costs.
      Add Export Details
  6. Click Add.
  7. Enter the Export prefix and click Next.
  8. Select Azure blob storage as the Storage type for your export.
  9. If you have an existing storage account, select the Use existing option. To create a new storage account, select Create new and follow the prompts to create a storage account.
  10. Select a Subscriptionfrom which you want to export cost data and provide the following details:
    • Storage account: Select the applicable storage account. Note down the storage account name for configuration in CloudSpend.
    • Container: Provide a container name. Note down the container name for configuration in CloudSpend.
    • Directory: Enter a directory path within the container where the exported data will be placed. Note down the directory path for configuration in CloudSpend.
    • Format: Select CSV as the format for the exported data.
    • Compression type: Select Gzip as the compression type.
      Subscription details
  11. Enable the File partitioning and Overwrite data options.
  12. Click Review + create to verify your settings and start the export process.
    Review ans Save

Assign roles to the application for storage account

To assign roles to the application for storage account follow the below steps:

  1. In the Microsoft Azure portal search for Storage accounts and select the it from the search results.
    Storage Accounts
  2. Select the storage account that you created during the export.
  3. Select Access control (IAM) from the left navigation menu.
    Access IAM
  4. Click Add and select Add role assignment.
  5. On the Role tab, search for and select the Storage Blob Data Reader role.
    Storage role
  6. Click Next.
  7. On the Members tab, choose User, group, or service principal for the Under Assign access to option.
  8. Click Select members, and search the application which has to be integrated in CloudSpend.
    Membder details
  9. Select the application from the search results and Click Select.
  10. Click Next and review your selection.
  11. Click Review + assign to complete the role assignment.
    Assign role

Provide programmatic access to CloudSpend for Consumption API

After successfully registering an application in Microsoft Entra ID, you have to add the required roles to the registered application. You can add the following roles to a registered application either through Subscriptions or Management groups based on the Azure account type.

Azure account type Required role
Pay As You Go (PAYG) Reader
Microsoft Customer Agreement (MCA) Reader, Billing account reader
Enterprise Agreement (EA) Reader, Enrollment reader

Obtaining the required permissions through Management groups

To obtain the required permissions through Management groups, follow the steps below:

  1. Go to Management groups.
  2. Select the management group that has all the required subscriptions you want to track costs for. If you do not have a management group, follow the steps in the Creating a new Management group section below to create a new management group.
  3. Select Access Control (IAM) tab.
  4. Click Add role assignment.
    management groups add role
  5. On the Add role assignment page, select the required role based on the account type from the Roles section.
    Select the role
  6. Click Next.
  7. Select the custom application that you created from the Members > Select members drop-down list.
    select members
  8. Click Select.
  9. Click Review+assign. The required permissions will be added to the registered application.
    review and assign

Obtaining the required permissions through Subscriptions

To obtain the required permissions through Subscriptions, follow the steps below:

  1. Go to Subscriptions.
  2. Select the subscription for which you want to track costs.
  3. Select the Access Control (IAM) tab.
  4. Click Add role assignment.
    Add Azure role
  5. On the Add role assignment page, select the required role based on the account type from the Roles section.
  6. Click Next.
  7. Select the custom application that you created from the Members > Select members drop-down list.
  8. Click Select.
  9. Click Review + assign. The required permissions will be added to the registered application.

Obtaining the additional permissions for MCA or EA account

In addition to the permissions obtained through Management groups or Subscriptions, the Microsoft Customer Agreement (MCA) and Enterprise Agreement (EA) account requires further role permissions. 

To obtain the necessary permissions through Cost Management and Billing for Microsoft Customer Agreement (MCA) account type, follow the steps below:

  1. Search for Cost Management + Billing in the Search bar and select Cost Management + Billing from the search results.
  2. Select Access Control (IAM).
  3. Click Add.
  4. Select Billing account reader role from the Add role assignment page.
  5. Choose the application you have created recently from the Users, groups, or app drop-down list.
  6. Click Add.

To assign Enterprise reader role to service principal follow the steps mentioned in the Azure documentation portal.

Creating a new Management group

To create a new Management group, follow the steps below:

  1. In the Microsoft Azure portal, navigate to the Management groups section.
    Azure management group
  2. Click Create to create a new management group.
    create management group
  3. In the Create management group window, enter the Management group ID and Management group display name.
  4. Click Submit.
  5. Click the management group that you created on the Management groups page.
    open management group
  6. Click + Add subscription and add all required subscriptions to the management group to analyze the cost data.
    Azure adding subscriptions
  7. Click Save.

Connect your Azure account with CloudSpend

After registering an application in Microsoft Entra ID and adding the required roles to the registered application, you can connect your Azure account with CloudSpend.

To connect your Azure account with CloudSpend:

  1. On the CluodSpend Integrate Account page, provide a DisplayName.
  2. Set the Public Cloud Provider as Azure.
    Azure integrate
  3. Select the Data Fetching Mode. The available options are Exports and Consumption API
    1. For Exports option:
      1. If you've already created exports and stored them in the storage account, toggle the Configure Exports option to Yes and fill in the below fields. If you have not created exports and stored them in the storage account, follow the steps provided in the creating exports and then fill in the below fields.
        • Storage Account Name: Paste the Storage Account name obtained from Azure portal.
        • Storage Container Name: Paste the storage Container name obtained from Azure portal.
        • Directory Path: Paste the Directory path obtained from Azure portal.
        • Export Name: Paste the Export name obtained from Azure portal.
      2. Set the Azure Account Type as Pay As You Go, EA, MCA, or your Site24x7 Account.
        Exports
    2. For Consumption API option:
      • Set the Azure Account Type as Pay As You Go, EA, MCA, or your Site24x7 Account.
      • Choose your Access Type as Subscriptions or Management Group.
      • If you've already created a management group and added subscriptions to that management group, switch the selected tab to Yes and follow the steps mentioned in the UI. If not, create a management group and add subscriptions to that management group.
  4. Enter the Tenant ID, Application ID, Application Secret Key, and Application Secret Key Expiration Date, which you created in the above steps.
  5. Enter the Start Date for Bill Processing. The starting date for bill processing determines the date from which your bills get processed.
  6. Click Save.
    Azure access

©2024, Zoho Corporation Pvt. Ltd. All Rights Reserved.

Top
Back to Top