Info

This article explains how to set up a Cloudaware application in Microsoft Azure. Ensure you have the necessary permissions in the Azure portal.

Summary

 

To integrate Microsoft Azure with Cloudaware:

  1. Create a new Azure application for Cloudaware.

  2. Assign API permissions:

    • Azure Service Management

      • Delegated permissions: user_impersonation

    • Microsoft Graph

      • Application permissions: Directory.Read.All

      • Delegated permissions: Directory.Read.All

  3. Add role assignments:

    • Choose the scope

      • Assign roles under Tenant Root Group for subscription auto-discovery

      • Or under specific subscription

    • Roles: Reader

    • Members: Application created in #1

  4. Upload a certificate from Cloudaware.

For detailed setup instructions, refer to the in-depth guidelines below.

Create Azure application for Cloudaware

  1. Log in to the Azure portal. Select Microsoft Entra ID.

  2. Under 'Manage', go to 'App registrations' → +New registration.

  3. Set up the application as follows:

    Name: cloudaware-api-access
    Supported account types: Accounts in this organizational directory only (Default Directory only - Single tenant) OR Accounts in any organizational directory (Any Azure AD directory - Multitenant)
    Redirect URI (optional): Web - https://cloudaware.com/

    Click Register.

Configure API permissions

 

  1. Select the created Azure application (in this guide, cloudaware-api-access).

  2. Go to 'API permissions' → +Add a permission.

  3. Select the tab 'Microsoft APIs'.
    For Azure Service Management:
    Select the tile 'Delegated permissions' → check the box 'user_impersonation. Access Azure Service Management as organization users (preview)'. Click Add permissions.

    For Microsoft Graph:
    Select the tile 'Delegated Permissions'* → Directory → check the box Directory.Read.All. Click Add permissions.
    Select the tile 'Application Permissions' → Directory → check the box Directory.Read.All. Click Add permissions.

*Note that the User → User.Read (Sign in and read user profile) permission is added by default when the application is created.

Ensure that all necessary permissions are assigned as below:

  1. Click Grant admin consent for <Directory Name> to populate permissions.

Note

Microsoft takes up to 30 minutes to populate the permissions added in previous steps.
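
Once the permissions are in place, the application's requested permissions can be checked against the list in this guide so that nothing broader than read access has been granted. The script below is an added example, not Cloudaware's own tooling. It assumes the GUIDs shown are Microsoft's published identifiers for these APIs and permissions (confirm them in your tenant), and the sample manifest, including the placeholder permission ID ending in `beef`, is constructed for illustration.

```python
import json

GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
ARM = "797f4846-ba00-4fd7-ba43-dac1f8f63013"    # Azure Service Management

# (resourceAppId, permission id, type) -> name. "Scope" = delegated, "Role" = application.
EXPECTED = {
    (ARM, "41094075-9dad-400e-a0bd-54e686782033", "Scope"): "user_impersonation",
    (GRAPH, "06da0dbc-49e2-44d2-8312-53f166ab848a", "Scope"): "Directory.Read.All (delegated)",
    (GRAPH, "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "Role"): "Directory.Read.All (application)",
}
# User.Read is added by default when the application is created, so it is tolerated.
DEFAULT = {(GRAPH, "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "Scope"): "User.Read"}


def audit(required_resource_access):
    """Return (missing, unexpected) permissions for an app's requiredResourceAccess list."""
    seen = {
        (res["resourceAppId"], acc["id"], acc["type"])
        for res in required_resource_access
        for acc in res.get("resourceAccess", [])
    }
    allowed = EXPECTED.keys() | DEFAULT.keys()
    missing = sorted(name for key, name in EXPECTED.items() if key not in seen)
    unexpected = sorted(f"{api}/{pid} ({kind})" for api, pid, kind in seen - allowed)
    return missing, unexpected


# Constructed sample: the application-level Directory.Read.All is absent and one
# extra application permission (placeholder ID, not a real permission) is present.
SAMPLE = json.loads("""
[
  {"resourceAppId": "797f4846-ba00-4fd7-ba43-dac1f8f63013", "resourceAccess": [
    {"id": "41094075-9dad-400e-a0bd-54e686782033", "type": "Scope"}]},
  {"resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [
    {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
    {"id": "06da0dbc-49e2-44d2-8312-53f166ab848a", "type": "Scope"},
    {"id": "00000000-0000-0000-0000-00000000beef", "type": "Role"}]}
]
""")

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

The input has the shape returned by `az ad app show --id <application-id> --query requiredResourceAccess`. Any entry reported as unexpected is a permission beyond what this guide asks for and should be reviewed before admin consent is granted.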