PierCloud FinOps Platform - Azure MOSP Basic Configurations
Basic Configuration Process for Pier Cloud FinOps Platform
Welcome to Pier Cloud!
This document is intended to be a guide for you to prepare the environment so that Pier Cloud can install the Platform modules in your account.
The process will allow Pier Cloud to read billing information without any possibility of changing or deleting data from your account. It will also allow access to read and edit items related to optimization (CCA).
The settings in this documentation are used to enable the modules: Lighthouse and CCA.
Lighthouse and Cloud Compliance Analyzer (CCA)
Permissions and Service Principal Creation
In the Azure Portal, select your Microsoft Entra ID or Azure Active Directory;
Find your role in Overview > My feed. If your role is “User”, you must ensure that roles other than Administrator can register applications;
In the left side panel, select “Users” and then “User settings”;
Check the “App registrations setting”. This value can only be set by the administrator. If set to “Yes”, any user in the Azure AD tenant can register an app.
Attention: If the setting is set to “No”, only someone with the administrator role will be able to make this configuration.
Log in to your account via the Portal and access the Microsoft Entra ID menu. This Service Principal can be used for Lighthouse, CCA, Reservations and Savings Plans.
In the Microsoft Entra ID section, select the App Registrations option in the side menu.
Click the + Add button, then select the App Registration option.
Enter the desired name for the Application. In the Supported account types section, choose the option Accounts in any organizational directory (Multitenant). Finish by clicking on Register.
After creating the application, generate a secret.
Click on the + New client secret button, then, in the form next to it, click on the Add button.
Copy the generated secret value and its expiration date, and save them in a notepad.
Click on Overview and copy the Application (client) ID and Directory (tenant) ID values, and save them together with the previous information.
To complete the process, you will need to add the Reader role to the Tenant for the Service Principal you created. In the search bar, search for Management Group and then click on the Tenant that will be granted permission.

Now, click on Access control (IAM) and then on + Add, Add role assignment.

Search for Reader, click Next.

On the next page click on Select Members, look for Service Principal in the left side menu, select it and click on Select.

To finish, click on Review + assign.
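Once the assignment is in place, it is worth confirming that the Service Principal holds only the Reader role at the management group scope and nothing broader. The following is an added example, not Pier Cloud code: it audits JSON shaped like the output of `az role assignment list`, and the sample data and all IDs in it are constructed placeholders.

```python
import json

# Constructed sample shaped like `az role assignment list -o json` output
# for the Service Principal. All IDs are placeholders, not values from this guide.
SAMPLE = json.loads("""
[
  {"principalType": "ServicePrincipal", "roleDefinitionName": "Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000"},
  {"principalType": "ServicePrincipal", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"}
]
""")

MG_PREFIX = "/providers/Microsoft.Management/managementGroups/"
ALLOWED_ROLE = "Reader"  # the only role this guide assigns


def audit_assignments(assignments, expected_mg_id):
    """Return a list of findings; an empty list means the grant matches the guide."""
    # Azure resource scopes are case-insensitive, so compare in lower case.
    expected_scope = (MG_PREFIX + expected_mg_id).lower()
    findings = []
    has_expected = False
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "")
        if role == ALLOWED_ROLE and scope.lower() == expected_scope:
            has_expected = True
            continue
        if role != ALLOWED_ROLE:
            findings.append(f"unexpected role {role!r} at {scope}")
        else:
            findings.append(f"Reader assigned at unexpected scope {scope}")
    if not has_expected:
        findings.append(f"missing Reader at {MG_PREFIX}{expected_mg_id}")
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE, "00000000-0000-0000-0000-000000000000"):
        print("FINDING:", finding)
```

Re-run the audit whenever the client secret is rotated so that any extra role granted to the Service Principal in the meantime is caught.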
