Skip to main content
All CollectionsAdding an account to Uniskai
Adding Azure account with Read-only access with Entire tenant using Automatic connection
Adding Azure account with Read-only access with Entire tenant using Automatic connection

Learn how to add Azure Entire tenant read-only account using Automatic connection

Updated over a month ago

You need permission to create service clients and assign roles to add an Azure subscription.

Step 1

Skip to Step 3 if you came to this guide from the Connect your Azure subscription

page.

Go to the "Account Manager" tab, pinned at the bottom of the left menu.

Your Account Manager menu will look like the picture below if you don't have any accounts. Click the ‘Add environment’ button.

If you already have some accounts, your Account Manager menu will display differently. Click the ‘Add environment’ button.

Choose Azure cloud service.

Select Entire tenant.

Step 2

You will be directed to the ‘Connect your Azure tenant’ page.

Step 3

In the first field, enter an Account name. You can use a specific name (up to 32 characters) or leave it as the default ‘AZURE.’

Step 4

Choose the Access type (The selected type will be marked with a white dot on a blue background):

  • Read/write: You will get full visibility of your cloud environment and optimization insights

  • Read-only: You will be able to actively save money and fix all issues

For this manual, we use Read-only mode

Step 5

Then, select the Connection (the selected connection will have a white point on a blue background):

  • Automation: A shell script will automatically create a JSON key file.

  • Manual: You will need to create a new Service Principal manually and provide connection metadata.

Now, select the Automatic connection.

Step 6

Log in to Azure and open the Cloud Shell console.

Cloud Shell will look like this:

Step 7

Note: When opening the shell for the first time, you'll be prompted to create a new storage account. You can create one automatically with a click on ‘Create storage’ or set the storage account and file share names using advanced settings.

After creating storage, you will see a Cloud Shell terminal that looks like this:

Step 8

Import the setup automation module by executing this command (just paste the next code into the Cloud Shell terminal):

Invoke-Expression $([System.Text.Encoding]::UTF8.GetString($(Invoke-WebRequest -Uri `
"https://uniskai-eu-templates.s3.eu-central-1.amazonaws.com/azure/setup-uniskai-connection.ps1" `
-UseBasicParsing).Content))

Executed code will look like this:

Step 9

Define the scope for connection. Find your subscription ID in the Management Groups, which lists all entities associated with your Azure account and includes the name and ID for each one.

$Scope = '/providers/Microsoft.Management/managementGroups/<YOUR_MANAGEMENT_GROUP_ID>'

Step 10

Run the setup procedure. Use -Access ReadOnly for read-only access:

$Connection = Setup-UniskaiConnection `
-Access 'Read' `
-Scope $Scope `
-ApplicationName 'Uniskai' `
-PrincipalId ''
$Connection

Step 11

Configure Azure cost exports.

Setup-CostExports `
-Scope $Scope `
-PrincipalId $Connection.principal_id `
-StorageAccountId '' `
-StorageSubscriptionId $Connection.subscription_id `
-HistoryMonths 12

Step 12

Get the setup script's generated config file and upload it to Uniskai.

$configFile = "uniskai-connection.json"
$Connection | ConvertTo-Json | Out-File -FilePath $configFile

Write-Output "Connection configuration file created: $configFile"
Write-Output "Download this file and register it in Uniskai."
Write-Warning "If you are using Azure PowerShell, click on the Upload/Download files button at the toolbar,"
Write-Warning "enter the '$configFile' file name and click on Download."

Note: If you're using Azure Cloud Shell, click the Upload/Download files button on the toolbar, choose Download, enter the script's output file name, and click Download. Then click on the “Click here to download your file.” link that appears on the bottom right.

Troubleshooting

1. If you see $0 in Uniskai billing after refreshing the account, please check that you have access to view Azure costs in this subscription. If you don’t see any values in Cost analysis or your export files have all cost columns equal to 0, ask your admin to enable policy to view Azure charges.

2. Cost export creation might fail when you are not using Enterprise Agreement Subscriptions.

An error occurred: ERROR: (404) No EA Subscriptions for Management Group with managementGroupId: {name of managment group} were found ...

You can create cost exports manually via Azure Portal UI for the desired scope or each subscription separately.

Step 13

Go to the Uniskai page and upload the created JSON file:

Check all information and click the ‘Connect subscription’ button:

Step 14

The account was successfully connected; you can see the connected account on the Account Manager page:

Did this answer your question?