...
Cloudaware supports auto-discovery of Azure Reservations. To grant Cloudaware access to Azure reservations:
Log in to the Azure portal. Select Reservations.
Select the tab 'Role Assignment'. Click +Add → Add role assignments.
a. Under the tab 'Job function roles' select Reservations Reader → Next.
b. Under the tab 'Members' select the following settings:
Role: Reservations Reader
Assign access to: User, group, or service principal
Members: click +Select members → start typing the name of the Azure application created for Cloudaware access (in this guide, cloudaware-api-access)→Select.
Click Review + assign.
...
Cloudaware supports auto-discovery of AKS Clusters and AKS Cluster Agent Pool Profiles by default. Grant Cloudaware the permission Microsoft.ContainerService/managedClusters/listClusterUserCredential/read to enable the discovery and collection of AKS Cluster objects.
Log in to the Azure portal. Select Subscriptions.
Select the subscription. Go to 'Access Control (IAM)' on the left. Click +Add → Add role assignment:
a. Under the tab 'Role': in 'Job function roles' select Azure Kubernetes Service Cluster User Role → Next.
b. Under the tab 'Members':
Assign access to: User, group, or service principal
Members: click +Select members → start typing the name of the Azure application created for Cloudaware access (in this guide, cloudaware-api-access)→Select.
Click Review + assign.To view Azure AKS resources, go to Cloudaware CMDB Navigator. Select MICROSOFT AZURE → COMPUTE → AKS.
...
To grant Cloudaware access to Azure Active Directory Devices:
Log in to the Azure portal. Select App registrations.
Select the Azure application created for Cloudaware access. Go to API permissions → Add a permission.
Select Microsoft Graph → Application permissions:
In DeviceManagementManagedDevices: select DeviceManagementManagedDevices.Read.All → check the box → click Add permissions.
In DeviceManagementConfiguration: select DeviceManagementConfiguration.Read.All → check the box → click Add permissions.Click Grant admin consent for
<Directory Name>
to populate permissions.To view Azure Active Directory Devices and related data, go to Cloudaware CMDB Navigator. Select MICROSOFT AZURE → SECURITY, IDENTITY, COMPLIANCE → Active Directory → Azure Active Directory Devices.
The following Azure Active Directory objects managed by Intune* are supported:Azure Active Directory Device
Azure Active Directory Device Config
Azure Active Directory Device Fact
Azure Active Directory Device MountPoint
...