Azure Client Authorization Configuration¶

The Script Market supports collecting cloud resources/cloud monitoring metrics through Azure App Registration and reporting them to TrueWatch. This document explains how to complete the collector authorization configuration.

Create an App Registration in Azure Portal¶

In the Microsoft Entra ID page navigation bar, find App registrations and click New registration.
Enter the application name as required, set Supported account types to this organizational directory only, and click Register.

Authorize the Application¶

Find the subscription that needs to be monitored, click Access control (IAM), and select Add role assignment.
Under the Role Tab, search for Monitoring Reader and select it.
Under the Members Tab, click Select members, search for the application name created above in the pop-up, select it, and click Select.
Click Review + assign to complete the authorization.

Tip

Repeat this operation for other subscriptions that need to be monitored, or you can directly authorize the application in the management group (Management groups), so that the application will automatically have permissions for all subscriptions under the management group.

Create a Secret for the Application¶

Under App registrations, find the application created above, click Mange > Certificates & secrets.
Select Client secret and click + New client secret, customize the Description, fill in Expired as needed, and click Add.
Copy the value of the secret (Azure Client Secret Value) for later use.

Script Market Collector Configuration¶

The parameters required for installing the Azure collector in the Script Market are as follows:

Azure Tenant ID: Tenant ID
Azure Client ID: Application Registration Client ID
Azure Client Secret Value: Client Secret Value (mentioned above, needs to be copied for later use)

Among them, Azure Tenant ID and Azure Client ID can be found on the overview page of the application:

Appendix:¶

Authenticate to Azure resources from a locally hosted Python application