Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Cloudaware supports auto-discovery of Azure Reservations. To grant Cloudaware access to Azure reservations:

  1. Log in to the Azure portal. Select Reservations.

  2. Select the tab 'Role Assignment'. Click +AddAdd role assignments.

    a. Under the tab 'Job function roles' select Reservations Reader → Next.

    b. Under the tab 'Members' select the following settings:
    Role: Reservations Reader
    Assign access to: User, group, or service principal
    Members: click +Select members → start typing the name of the Azure application created for Cloudaware access (in this guide, cloudaware-api-access)Select.

    Click Review + assign.

...

Cloudaware supports auto-discovery of AKS Clusters and AKS Cluster Agent Pool Profiles by default. Grant Cloudaware the permission Microsoft.ContainerService/managedClusters/listClusterUserCredential/read to enable the discovery and collection of AKS Cluster objects.

  1. Log in to the Azure portal. Select Subscriptions.

  2. Select the subscription. Go to 'Access Control (IAM)' on the left. Click +AddAdd role assignment:

    a. Under the tab 'Role': in 'Job function roles' select Azure Kubernetes Service Cluster User Role → Next.

    b. Under the tab 'Members':
    Assign access to: User, group, or service principal
    Members: click +Select members → start typing the name of the Azure application created for Cloudaware access (in this guide, cloudaware-api-access)Select.

    Click Review + assign.

  3. To view Azure AKS resources, go to Cloudaware CMDB Navigator. Select MICROSOFT AZURE → COMPUTE → AKS.

    Azure start guide - additional permissions - AKS - AKS in CMDB.png

...

To grant Cloudaware access to Azure Active Directory Devices:

 

  1. Log in to the Azure portal. Select App registrations.

  2. Select the Azure application created for Cloudaware access. Go to API permissions → Add a permission.

  3. Select Microsoft Graph → Application permissions:

    In DeviceManagementManagedDevices: select DeviceManagementManagedDevices.Read.All → check the box → click Add permissions.
    In DeviceManagementConfiguration: select DeviceManagementConfiguration.Read.All → check the box → click Add permissions.

  4. Click Grant admin consent for <Directory Name> to populate permissions.

  5. To view Azure Active Directory Devices and related data, go to Cloudaware CMDB Navigator. Select MICROSOFT AZURE → SECURITY, IDENTITY, COMPLIANCE → Active Directory → Azure Active Directory Devices.

    Azure start guide - additional permissions - Intune - AD devices in CMDB.png



    The following Azure Active Directory objects managed by Intune* are supported:

    Azure Active Directory Device
    Azure Active Directory Device Config
    Azure Active Directory Device Fact
    Azure Active Directory Device MountPoint

...