Pre-requisites for Monitoring a Microsoft Azure Subscription

As mentioned already, you need to fulfill the following key pre-requisites to enable the eG agent to monitor an Azure Subscription:

  1. The eG agent should be configured to connect to the Azure cloud and make Azure ARM REST API calls. For this purpose, you need to do the following:

    • Register an Application with an Azure AD Tenant;

    • Determine the Tenant ID, the Application (Client) ID and Secret Key value associated with the registered Application;

    • Assign the Application to a Subscription and grant 'monitoring' rights to it

    Refer to Configuring the eG Agent to Monitor a Microsoft Azure Subscription Using Azure ARM REST API topic to know how to perform each of the steps discussed above.

  2. The eG agent should be configured to read from logs sent to a Log Analytics Workspaces. To achieve this, refer to Configuring the eG Agent to Read Logs Sent to Log Analytics Workspacestopic.

  3. In addition to the above, you also need to grant Certificate Get and List permissions to the Azure AD Application that you created for monitoring purposes. This is required to enable the Azure Key Vault test to monitor the status (whether active or expired) of certificates stored in an Azure Key Vault and report their details. To know how to grant these permissions, refer to theGranting Get & List Permissions to the Azure AD Application for Monitoring Key Vault Certificatestopic.

  4. Furthermore, for some of the eG tests to run and report metrics, the eG agent should be allowed access to the following endpoint URLs:

    • https://westus2.api.loganalytics.io

    • https://login.microsoftonline.com

    • https://vault.azure.net

    • https://login.windows.net

    • https://management.azure.com

    If the eG agent is behind a firewall, then make sure that the firewall is configured to allow access to the aforesaid URLs.