
Getting Started

To set up access for your Azure environment, follow these steps:

  1. Create a Service Principal in Entra ID:
    • You'll need a service principal for authentication. You can create one in the Azure Portal or with a PowerShell script.
    • The script creates the service principal and a custom role, then assigns that role at the desired scope.
  2. Assign Permissions to Read Data:
    • Ensure that the service principal has read permissions over the resources in your Azure subscriptions.
    • Additionally, grant read access to billing data and any necessary permissions for tagging (although tagging is optional and not enabled by default).

Data we gather

  1. KQL queries in Resource Data Graph Explorer
  2. Information available when browsing the Azure Portal: configuration settings, references to other resources, VM size, Storage Account redundancy, health state of VMs in a Scale Set, ...
  3. Billing & Costs data
  4. Activity Logs - for VM shutdowns and the latest creation of a resource
  5. Metrics - tons of them

Data we don't access

  1. Storage account contents
  2. Database data
  3. VMs directly (no RDP or SSH)
  4. In general, the inner data of resources
  5. Log Analytics Workspaces data
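
As an added example (not the vendor's script or code), a reviewer could check the custom role's JSON definition against the limits described above before approving it: read-only control-plane actions, tag writes only when tagging is enabled, and no data-plane actions. The sample role, its name and the subscription ID are constructed placeholders, and treating every action ending in /read as acceptable is an assumption of this check.

```python
import fnmatch
import json

# Constructed sample custom role in the JSON shape Azure uses for role
# definitions. Name and subscription ID are placeholders, not vendor values.
SAMPLE_ROLE = json.loads("""
{
  "Name": "Example Read-Only Collector",
  "Actions": ["*/read", "Microsoft.Billing/*/read", "Microsoft.Consumption/*/read",
              "Microsoft.CostManagement/*/read", "Microsoft.Resources/tags/write"],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}
""")

# Tag operations are the only non-read actions the page mentions (optional).
TAG_PATTERN = "microsoft.resources/tags/*"


def audit_role(role, allow_tagging=False):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for action in role.get("Actions", []):
        lowered = action.lower()
        if lowered.endswith("/read"):
            continue  # assumption: any control-plane read is within bounds
        if fnmatch.fnmatch(lowered, TAG_PATTERN):
            if not allow_tagging:
                findings.append(f"tagging action granted while tagging is disabled: {action}")
            continue
        findings.append(f"non-read control-plane action: {action}")
    # DataActions reach resource contents (blobs, queues, ...), which the
    # page lists under data that is not accessed.
    for data_action in role.get("DataActions", []):
        findings.append(f"data-plane action: {data_action}")
    return findings


if __name__ == "__main__":
    for finding in audit_role(SAMPLE_ROLE) or ["no findings"]:
        print(finding)
```

Export the real role definition as JSON, for example with `az role definition list --custom-role-only true`, and pass each definition to `audit_role` in place of the sample.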

Onboarding process link