Improvements

• Service Principal Credential support for Azure EA and MCA accounts provides an alternative method of credentialing Azure billing accounts in CloudCheckr (existing Azure EA/MCA credentialing methods continue to be supported).
  Additionally, it is possible to switch between initiating consent via User Consent or leveraging Service Principal directly on the Manage credentials page. Use these steps to credential Azure EA and MCA accounts using a Service Principal:  

  • Log in to CloudCheckr, and navigate to the 'Use Service Principal with secret key' tab on the Azure credentials page. Input the Tenant ID, Application ID, Secret Key, and specify the Account type (EA or MCA). 
  • Start in the Configure Account screen in CloudCheckr Core UI, select the Collect billing data from my Enterprise Agreement option, and the Use Service Principal with Secret Key tab.

1. Log into your Azure portal find and select the Microsoft Entra ID service. Use the search box if you don’t see it right away.
2. Locate your Tenant ID and copy it. Return to the CloudCheckr Configure Account screen and paste at step two.
   
3. Return to the Azure portal and in the left-side menu, under Manage, click open App Registrations.
4. Click the New registration button.

5. On the Register an application screen 

   1.  make up a Name (this can be changed later) 
   2.  for Supported account types select Accounts in this organizational directory only 
   3.  for Redirect URI select Web and enter https://localhost 

   4.  click Register to save.

      

       

6. Back in the Azure portal new App registrations screen, copy the Application (client) ID. While there collect the Object ID and Directory (tenant) ID for later use. Then return to the CloudCheckr Configure Account screen and paste Application (client) ID at step seven. 

   

   
   

7. Return to the Azure portal. In the left-side menu, under Manage, select Certificates & secrets. 
8.  In the center, under Client secrets, select New client secret.

9. On the Add a client secret screen 

   1. make up a Description 
   2. choose when it Expires 
   3. click Add to save
      

10. Copy the Value from the new client secret, return to the CloudCheckr Configure Account screen, and paste step eleven.

    

11. Return to the Azure portal and navigate to the Cost Management + Billing Overview screen. Collect the Billing account ID for use in the next step. 

12. Use the Role Assignments – Put testing screen to assign the Enrollment Reader role to the registered application via API call. Navigate here Role Assignments - Put - REST API (Azure Billing)  Sign in as Enterprise Admin, then click the green Try it button to open the API testing screen.

    

• In order to credential Azure MCA billing accounts, follow the steps as shown in the Azure credentials page below, it is similar to that of how Azure EA accounts are credentialed except the way roles are assigned to the registered Application in the tenant which are mentioned from the step 12 onwards.

  

•  Now in CMx, users can also choose to switch credentialing mechanism between User Consent and Service Principal for EA and MCA billing accounts.

  • For credentialing a new EA/MCA project,  users can Click on Manage Credentials button and choose the authentication mechanism from the dropdown as shown below. 

    

     

  • For switching between the credential mechanism for the existing Azure EA/MCA projects, Click on Manage Credentials button and select the option accordingly.

    

Bug Fixes

• Addressed an issue preventing successful Azure VM Inventory data ingestion when flexible Scale Sets are in use.    
• Clarified via application Info Bubble that RI and SP amortized monthly charges for the entire month show at the beginning of the month. 
• Aligned weekly cost emails generated by a Saved Filter as well as the month-to-date cost emails with the totals represented in the UI, fully accounting for new AWS-reported spend. 
• Addressed an issue preventing Idle or Unused Load Balancers from being reported correctly in the Best Practice Checks.