1. Create a Microsoft Azure Integration Card
- From the top navigation menu, select Integrations.
- Click the Microsoft Azure card.
- In a separate, new tab, open the Azure portal.
The following instructions were created using the Azure portal not the classic portal. Instructions vary depending on which portal you’re using.
2. Create an Active Directory Application in Azure
- Once in the Azure portal, click Azure Active Directory from the left side menu.
- Click the App registrations widget.
- Click Add at the top. A Create window will open.
- Type the name of the application. We recommend Azure / Metricly Integration, or something similar.
- Ensure the Application Type is Web app / API.
https://app.metricly.com for the Sign-on URL.
- Click Create at the bottom of the window.
3. Get the Application ID, Application Key, & Tenant ID
- Select your new application from the App registrations list. The application’s Essentials and Settings windows open.
- Copy the Application ID (also known as the Client ID) and return to the tab with Metricly open. Paste it into the Client ID field. Once it’s pasted, return to the Azure tab.
- From the Settings window, click Keys.
- In the Keys window, add a
description for the key.
- Select a duration for the key.
- Click Save at the top of the Keys window.
- Copy the Key’s Value and return to the tab with Metricly open. Paste it into the Access Key field. Once it’s pasted, return to the Azure tab.
- Return to the App registrations window and click Endpoints.
- From the list of endpoints, you’ll notice your
Tenant ID in each of the URLs. Copy the
Tenant ID from one of the endpoints and return to the tab with Metricly open. Paste it into the Tenant ID field. Once it’s pasted, return to the Azure tab.
4. Set Delegated Permissions
- Open the application’s settings window and click Required permissions.
- Click Add at the top of the Required permissions window.
- In the Add API access window, click step 1. Click Windows Azure Service Management API, then click Select at the bottom of the Select an API window.
- Click step 2 and select the Delegated Permissions checkbox, then click Select at the bottom of the Enable Access window.
After selecting the Delegated Permissionscheckbox, you may have to clear and then select the Access Azure Service Management as organization users (preview) checkbox again to activate the Select button.
- Click Done in the Add API access window.
5. Collect Subscription ID and Set Role
To assign a role to the application, you’ll need the Owner or User Access Administrator role in Azure (the Contributor role will not work) or a custom role that grans write access for Microsoft.Authorization. You can check your permissions for the subscription by opening the user account menu (top right-hand corner), clicking My permissions, and then selecting the relevant subscription from the drop-down menu. If you don’t have the correct permissions, contact your subscription administrator.
- Navigate to Subscriptions in Azure.
If you don’t see Subscriptions in your side menu, click More services and search for
Subscriptions using the filter.
- Copy the Subscription ID and return to the tab with Metricly open. Paste it into the appropriate field. Once it’s pasted, return to the Azure tab.
- Click the appropriate subscription.
- Click Access Control (IAM).
- Click Add.
- Select Reader for the role.
- Search for the application you created in Step 1, and select it. Click Select at the bottom of the window.
After permissions have been set, return to Metricly to include or exclude as many Azure element types as you want. Azure VM and Azure Application Gateway are enabled by default.
Optionally, filter elements.
Use with Agents
If you install our Linux agent or Windows agent on an Azure VM, the VM’s power state (attribute
hostRunning with a value of
false) and tags are copied over to the corresponding Linux
SERVER element / Windows
WINSRV element. You can then use this information to create policies.