This article explains how to set up a Cloudaware application in Microsoft Azure. Ensure you have the necessary permissions in the Azure portal.
Summary
To integrate Microsoft Azure with Cloudaware:
Create a new Azure application for Cloudaware.
Assign API permissions:
Azure Service Management
Delegated permissions:
user_impersonation
Microsoft Graph
Application permissions:
Directory.Read.All
Delegated permissions:
Directory.Read.All
Add role assignments:
Choose the scope
Assign roles under
Tenant Root Group
for subscription auto-discoveryOr under specific subscription
Roles:
Reader
Members: Application created in #1
Upload a certificate from Cloudaware.
For detailed setup instructions, refer to the in-depth guidelines below.
Create Azure application for Cloudaware
Log in to the Azure portal. Select Microsoft Entra ID.
Under 'Manage', go to 'App registrations' → +New registration.
Set up the application as follows:
Name: cloudaware-api-access
Supported account types: Accounts in this organizational directory only (Default Directory only - Single tenant) OR Accounts in any organizational directory (Any Azure AD directory - Multitenant)
Redirect URI (optional): Web - https://cloudaware.com/
Click Register.
Configure API permissions
Select the created Azure application (in this guide, cloudaware-api-access).
Go to 'API permissions' → +Add a permission.
Select the tab 'Microsoft APIs'.
For Azure Service Management:
Select the tile 'Delegated permissions' → check the box 'user_impersonation. Access Azure Service Management as organization users (preview)'. Click Add permissions.
For Microsoft Graph:
Select the tile 'Delegated Permissions'* → Directory → check the box Directory.Read.All. Click Add permissions.
Select the tile 'Application Permissions' → Directory → check the box Directory.Read.All. Click Add permissions.
*Note that User → User.Read (Sign in and read user profile) permission is added by default when the application is created.
Ensure that all necessary permissions are assigned as below:
Click Grant admin consent for
<Directory Name>
to populate permissions.
Microsoft takes up to 30 minutes to populate the permissions added in previous steps.