Pre-Requisites for Monitoring Microsoft Azure (ARM)

The eG agent collects metrics from the target Microsoft Azure cloud in an agentless manner only.

In order to collect metrics from the target Microsoft Azure cloud, the eG agent communicates with the target Microsoft Azure cloud using Java API calls. To collect the required metrics, the eG agent requires the following:

  • Directory ID (also referred to as the Tenant ID) of the target Microsoft Azure cloud;
  • Access token in the form of an Application ID and Client secret.

Broad Steps to Determine the Tenant ID and the Access Token

  • Create a Web Application in the Active Directory of the target Microsoft Azure.
  • Figure out the Tenant ID, the Application ID and Key value associated with the Application ID.
  • Grant the required privileges to the Web Application from the Subscription of the target Microsoft Azure.

Creating a Web Application

To create the Web Application, do the following:

  • Log in to the Microsoft Azure portal at https://portal.azure.com with valid credentials.
  • Click the Azure Active Directory icon in the leftmost pane (see Figure 1).

    Figure 1 : Selecting the Azure Active Directory option

  • Click the App Registrations in the panel that appears when the Azure Active Directory is clicked. Figure 2 will then appear.

    Figure 2 : Registering new application

  • Click New application registration in Figure 2. The Register an application page will then appear as shown in Figure 3.

    Figure 3 : Specifying the details of the new web application

  • In Figure 3, specify the following:

    • The name of the web application in the Name text box,
    • Select the type of the account from the Supported account types section.

      Supported account types and their descriptions:

      • Accounts in this organizational directory only: Select this option if you're building a line-of-business (LOB) application. This option is not available if you're not registering the application in a directory. This option maps to Azure AD only single-tenant. This is the default option unless you're registering the app outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts.

      • Accounts in any organizational directory: Select this option if you would like to target all business and educational customers. This option maps to Azure AD only multi-tenant. If you registered the app as Azure AD only single-tenant, you can update it to be Azure AD multi-tenant and back to single-tenant through the Authentication blade.

      • Accounts in any organizational directory and personal Microsoft accounts: Select this option to target the widest set of customers. This option maps to Azure AD multi-tenant and personal Microsoft accounts. If you registered the app as Azure AD multi-tenant and personal Microsoft accounts, you cannot change this in the UI. Instead, you must use the application manifest editor to change the supported account types.

    • Then, select the type of app you are building, Web or Public client (mobile & desktop), and enter the redirect URI (or reply URL) for your application in the Redirect URI text box. For web applications, provide the base URL of your app. For example, http://localhost:31544 might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application. For public client applications, provide the URL used by Azure AD to return token responses. Enter a value specific to your application, such as https://DocApp.com//auth.
  • Clicking the Register button in Figure 3 will create the Web Application. Then, the Overview page of the created application will appear as shown in Figure 4.

    Figure 4 : The successfully created web application

From the Overview page, you can obtain the Application ID and the Directory ID (see Figure 4). Copy the Application ID and the Directory ID, and paste them into the Client ID and TENANT ID text boxes respectively when configuring the tests for the Microsoft Azure cloud that is to be monitored.

Obtaining the Client Secret

For the eG agent to obtain metrics from the target Microsoft Azure, it is necessary to provide the client secret associated with the created Web Application. For this, click on the Certificates & secrets option under the Manage node as shown in Figure 4. This will invoke Figure 5.

Figure 5 : Creating New Client Secret

Clicking on the New client secret button in Figure 5 will invoke Figure 6. Specify the description of the client secret in the Description text box and choose an expiry period from the Expires section as shown in Figure 6.

Figure 6 : Adding the client secret

Clicking the Add button in Figure 6 will display a client secret value in the Value section as shown in Figure 7.

Figure 7 : Generating the client secret value for the web application

Note that the Value will disappear once you leave this page, so make sure that you copy the new client secret value to the clipboard by clicking the icon. Otherwise, you may need to generate a new client secret value. The client secret value has to be specified against the Client password field in the test configuration page.

Granting the Reader privilege to the Web Application

Once the web application is created, the web application should be granted Reader privilege on the Subscription associated with the Azure Active Directory. To grant the Reader privilege, do the following:

  • Click the All services option in the leftmost pane as shown in Figure 8.

    Figure 8 : Clicking the All services option

  • A context-sensitive menu sequence then appears in the right panel. Clicking the Subscriptions label in this panel (see Figure 8) opens another context-sensitive panel to the right. This will list all the subscriptions associated with your Azure account.

Figure 9 : Adding the Subscription

Select the subscription that is associated with the target Microsoft Azure and click Access Control (IAM). In the next panel, click the Add button (see Figure 9). In Figure 10 that appears, choose the Reader role from the Role list. In the Select text box, type the first few letters of the name of the web application that you have created. Your selection will then appear as shown in Figure 10.

Figure 10 : Granting the Reader role to the created web application

Clicking the Save button in Figure 10 will save your changes.
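
A check that the registration ended up with only what the steps above grant: the Reader role on the subscription, and a client secret that is not about to expire. This is an added example, not part of the eG documentation or product; the sample JSON is constructed, and its field names assume the output shape of `az role assignment list --assignee <app-id> --all` and `az ad app credential list --id <app-id>`.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data (not real output). Field names are an assumption
# based on the JSON printed by the two Azure CLI commands named above.
ROLE_ASSIGNMENTS = json.loads("""[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"}
]""")
SECRETS = json.loads("""[
  {"displayName": "eg-monitoring", "endDateTime": "2030-01-15T00:00:00Z"},
  {"displayName": "old-secret", "endDateTime": "2029-12-20T00:00:00Z"}
]""")

def audit_roles(assignments, subscription_id):
    """Return findings for anything other than Reader on the subscription."""
    wanted_scope = f"/subscriptions/{subscription_id}".lower()
    findings, has_reader = [], False
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"].rstrip("/").lower()
        if role == "Reader" and scope == wanted_scope:
            has_reader = True
        else:
            findings.append(f"unexpected role {role!r} at {a['scope']}")
    if not has_reader:
        findings.append("Reader role missing on the monitored subscription")
    return findings

def expiring_secrets(secrets, now, warn_days=30):
    """Return names of secrets already expired or expiring within warn_days."""
    limit = now + timedelta(days=warn_days)
    due = []
    for s in secrets:
        end = datetime.fromisoformat(s["endDateTime"].replace("Z", "+00:00"))
        if end <= limit:
            due.append(s["displayName"])
    return due

if __name__ == "__main__":
    now = datetime(2029, 12, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for f in audit_roles(ROLE_ASSIGNMENTS, "00000000-0000-0000-0000-000000000000"):
        print("ROLE:", f)
    for name in expiring_secrets(SECRETS, now):
        print("SECRET expiring:", name)
```

An expired client secret stops metric collection until a new value is entered in the Client password field, so the expiry check is worth running on a schedule.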