Prerequisites for configuring Azure instance

This section describes the prerequisites that you must complete before you configure an Azure instance with the KM.

Before configuring a policy to start monitoring your Azure environment, perform the following steps in your Azure portal. The values that you copy to a text file are required to configure an infrastructure policy to monitor your Azure portal.

The following video (3:23) provides the steps that you must perform before configuring a policy to monitor your Azure environment.



 https://youtu.be/vJtM-iFJXQo


Action | Details
Copy Tenant ID to a text file
  1. From the Azure portal menu, click Azure Active Directory.
  2. From the Tenant information tile, copy the Tenant ID value.
Create an application

Create an application through which the KM gets access to your Azure environment for monitoring. After creating the application, create a secret key for it. Copy the Application ID and Secret Key of the application that you created and save them to a text file.

After creating the application, assign the following API Permissions to the application: Azure Service Management: Access Azure Service Management as organization users.

  1. Go to App registrations > New registration.
  2. In the Name field, enter a name for the application.
    For example, BMCApplication.
  3. In the Supported account types field, ensure that the Accounts in this organizational directory only option is selected.
  4. In the Redirect URI field, select Web and enter the redirect URL.
    For example, https://BMCApplication.
  5. Click Register.
  6. On the application details page that is shown, copy the value of the Application (client) ID field.
  7. Select your client application and click API permissions > Add a permission.
    Add the following permissions:

    API / Permission name | Type | Description
    Azure Service Management | Delegated | To access Azure Service Management as organization users
    Azure storage (user_impersonation) | Delegated | To access Azure storage
    Microsoft Graph (User.Read) | Delegated | To sign in and read user profile
  8. To configure the certificate, perform one of the following actions:
    1. Add new client secret
      1. Go to Certificates & Secrets > Client secrets > New client secret.
      2. In the Description field, enter a key description.
      3. In the Expires field, select the duration of the key and click Add.
      4. In the Client secrets section, copy the value of the client secret that you added.
    2. Upload certificate
      1. Select Certificates & secrets > Certificates > Upload certificate.
      2. Select the file you want to upload. It must be one of the following file types: .cer, .pem, .crt.
      3. Select Add. Copy the value of the certificate thumbprint.

Assign a role to the username with which you want the KM to connect to your Azure environment

  1. Go to Home > Subscription.

  2. Click the subscription that you want to monitor.

  3. Click Access Control (IAM) > Add > Add Role Assignment.

  4. From the Role list, select Monitor Reader.

  5. In the Assign access to list, ensure that User, group, or service principal is selected.

  6. In the Select list, select the application that you created and click Save.

  7. To add permission for the Storage Account Contributor role, click Add > Add role assignment.
    You need to assign this permission only if you want to monitor virtual machines and storage account services.

  8. From the Role list, select Storage Account Contributor.

  9. In the Assign access to list, ensure that User, group, or service principal is selected.

  10. In the Select list, select the application that you created and click Save.
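
To confirm that the application ended up with only the roles assigned in the steps above, the following added example (not part of the BMC documentation or product) audits role assignments exported with `az role assignment list --assignee <application-id> --all -o json`. The function name, the placeholder subscription ID, and the sample data are constructed for illustration.

```python
import json

REQUIRED = {"Monitor Reader"}               # role the procedure always assigns
OPTIONAL = {"Storage Account Contributor"}  # only for VM and storage account monitoring
SUB_ID = "00000000-0000-0000-0000-000000000000"  # constructed placeholder

# Constructed sample, shaped like the JSON printed by
# `az role assignment list --assignee <application-id> --all -o json`.
SAMPLE = json.loads("""[
 {"roleDefinitionName": "Monitor Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"roleDefinitionName": "Storage Account Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]""")


def audit_assignments(assignments, subscription_id, monitors_storage):
    """Return findings for the monitoring application; an empty list means the
    assignments match the roles and subscription scope used in the procedure."""
    allowed = REQUIRED | (OPTIONAL if monitors_storage else set())
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    findings, seen = [], set()
    for a in assignments:
        role = a["roleDefinitionName"]
        scope = a["scope"].rstrip("/").lower()
        if role not in allowed:
            findings.append(f"unexpected role: {role} at {a['scope']}")
        elif scope == sub_scope:
            seen.add(role)
        elif not scope.startswith(sub_scope + "/"):
            # Root or management-group scope reaches beyond the monitored subscription.
            findings.append(f"{role} granted outside the subscription: {a['scope']}")
        # A narrower scope (resource group or resource) is not counted as "seen",
        # so the role is reported below as missing at subscription scope.
    for role in sorted(allowed - seen):
        findings.append(f"missing at subscription scope: {role}")
    return findings


if __name__ == "__main__":
    for line in audit_assignments(SAMPLE, SUB_ID, monitors_storage=False):
        print(line)
```

Pass monitors_storage=True only when the policy monitors virtual machines or storage account services, which is the one case where the procedure assigns Storage Account Contributor.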







