Add Azure Integration
    • Dark
    • PDF

    Add Azure Integration

    • Dark
    • PDF

    Article summary

    ControlUp provides out-of-the-box integration with your Azure environment into the Real-Time Console and our web UI, making it easy to monitor and troubleshoot your Azure resources like virtual machines or logical disks. The following article explains the preparation steps that you need to start managing and troubleshooting your Azure environment with ControlUp. After you follow the steps in this article, you will be up and running with our Azure integration, with practical understanding of how to configure the different ControlUp components. 

    Related topics:

    Azure Government
    Version 8.8 Maintenance Release and higher supports adding an Azure Government Cloud to ControlUp.

    To learn how to get started with Azure integration, watch our video.


    • ControlUp version 8.6 or higher.
    • Set up machines to be Data Collectors for the Azure connection. Data Collectors make the API calls to your Azure tenant. We strongly recommend that you configure a maximum of 5 subscriptions per Data Collector to prevent overloading. Depending on the number and size of your subscriptions, you might need to set up multiple Data Collectors. Learn more about Data Collector machine requirements and Azure throttling limits.
    • The Data Collector machines must have access to
    • An active Azure subscription. If you don't have a subscription yet, you need to create an Azure account here.
    • If you have an Azure Enterprise Agreement, make sure to allow Account Owners and Department Administrators to view charges in your Azure subscription.
    • Make sure the Microsoft Resource Health provider is registered for the Azure subscription you want to integrate with ControlUp.

    Benefits of monitoring your Azure environment with ControlUp

    • Easier management of your Azure resources
    • A comprehensive view of your Azure costs
    • Automating actions on your Azure resources

    Which resources can we monitor?

    We provide metrics for different Azure resources. You can monitor the following Azure resources in the Real-Time Console and the web U:

    • Subscriptions
    • Resource groups
    • Virtual machines
    • Virtual disks
    • Microsoft Entra ID (From 8.8)  (previously known as Azure Virtual Desktop)
      • Host Pools
      • Session Hosts
      • Workspaces
      • Application Groups

    Getting Started

    To take the first steps on your journey into the ControlUp integration with Azure, you need to create a Service Principal and generate a ClientID and Secret Key, which represent a username and password. Refer to Microsoft's official documentation to learn how to create a service principal. You need to provide the following information to connect ControlUp with Azure:

    • Tenant ID
    • Application ID
    • Secret Key
    Credentials should not be shared with other platforms or across ControlUp environments.

    Mandatory Roles for ControlUp

    Make sure you assign the following roles or custom roles to all Service Principals you want to use for ControlUp:

    If you are unable to use Azure's built-in roles, then create a custom role with these permissions and assign your service principal:

    • Microsoft.Resources/subscriptions/resourceGroups/read
    • Microsoft.ResourceGraph/resources/read
    • Microsoft.ResourceGraph/resourcesHistory/read
    • Microsoft.Subscription/aliases/read
    • Microsoft.Resources/subscriptions/read
    • Microsoft.Resources/subscriptions/resourceGroups/deployments/read
    • Microsoft.AzureActiveDirectory/b2ctenants/read
    • Microsoft.Compute/virtualMachines/vmSizes/read
    • Microsoft.Compute/locations/vmSizes/read
    • Microsoft.CostManagement/query/read
    • Microsoft.CostManagement/forecast/read
    • Microsoft.CostManagement/forecast/action
    • Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read
    • Microsoft.Compute/virtualMachineScaleSets/read
    • Microsoft.ResourceHealth/AvailabilityStatuses/read
    • Microsoft.Compute/virtualMachines/read
    • Microsoft.Compute/disks/read
    • Microsoft.Compute/virtualMachines/instanceView/read
    • Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/read
    • Microsoft.Compute/virtualMachines/powerOff/action
    • Microsoft.Compute/virtualMachineScaleSets/virtualMachines/powerOff/action
    • Microsoft.Compute/virtualMachineScaleSets/virtualMachines/deallocate/action
    • Microsoft.Compute/virtualMachines/deallocate/action
    • Microsoft.Compute/virtualMachineScaleSets/virtualMachines/restart/action
    • Microsoft.Compute/virtualMachines/restart/action
    • Microsoft.Compute/virtualMachineScaleSets/virtualMachines/start/action
    • Microsoft.Compute/virtualMachines/reapply/action

    Learn more about assigning roles to a service principal in the official documentation.

    Create the Azure Connection in ControlUp

    After you have your Tenant ID, Application ID, and Client Secret, you can add the Azure connection to ControlUp. 

    To add a new Azure Cloud Connection:

    1. Open the Real-Time DX Console and click Add Cloud Connection
    2. In the Type field, select one of the following:
      1.  Microsoft Azure to add an Azure Commercial Cloud.
      2.  Microsoft Azure (Government) to add an Azure Government Cloud.
    3. Under Credentials, click the drop-down list and select <Add New Cloud Credentials...>
    4. Enter the Access Key (Application ID), Secret Key (Client Secret), and a Friendly Name that helps identify the shared credential. For tracking purposes, we recommend using the credential name as the Friendly Name. Click OK to confirm your input.
    5. After you add the credentials, you can see the Friendly Name with the Access Key (in parentheses) in the Credentials field.
      From 8.8 and higher
      For large environments, we recommend adding more than one Service Principal to the Credentials List. Find more information here.
      Note: The credentials must be shared credentials. See Configuring Shared Credentials for more information about shared credentials.
    6. Under Tenant ID, enter the ID of your Azure Tenant.
    7. Click +Add to add a Data Collector for the cloud connection.
    8. In the Add data collection agent wizard, select a machine that you want to use as the Data Collector. Click OK to confirm the selection.
    9. The machine name appears and you can verify the Azure credentials by clicking Test Connection or the green checkbox that appears next to the Data Collector.
      If the Data Collector establishes a successful connection to your Azure account, a green confirmation icon appears in the Status column.If the Data Collector fails to connect to your Azure account, a red icon is shown. Hover over the red icon to see the reason for the error. To continue, you need to fix the error.
    10. Optionally, add another machine to use as a backup Data Collector in case the primary Data Collector is down. Note that the first machine in the list is used as the primary Data Collector.
    11. Click OK. ControlUp checks how many subscriptions are associated with your Azure Tenant. The following popups are displayed based on the number of subscriptions:
      1 subscription found:
      2 or more subscriptions found:
      The Subscriptions List tab shows all subscriptions in your Azure tenant. 
    12. Select the checkbox next to the subscriptions you want to add. The Data Collector you added earlier is used to connect to the subscriptions you select. Follow these recommendations when adding subscriptions:
      • Add a maximum of 5 subscriptions for each Data Collector. If you have large subscriptions (more than 100 virtual machines), you should distribute them across different Data Collectors to prevent overloading a single Data Collector.
      • Add subscriptions one at a time and confirm that the data connection remains stable to all subscriptions, especially when adding large subscriptions. To do this, you'll have to follow this procedure again to add a new Cloud Connection and select a different subscription.
    13.  Click OK to add the Cloud Connection with the subscriptions you selected. ControlUp automatically connects to the selected subscriptions and they are added to your organization tree:
      You can view Resource Groups under a subscription by clicking the + button next to the subscription:

    Azure Integration in Web UI

    In our web UI, subscriptions, and resource groups are displayed in the navigation hierarchy in the Discovery panel.

    You can find more information about how Azure can be used in the web UI here.

    Configuration Options

    In the previous chapter, you added your Azure subscription to ControlUp. For now, this is enough to start monitoring your Azure resources with ControlUp. However, there are more configuration options that we want to explain in this section. Let's look at each configuration option to help you understand what additional options you have to configure ControlUp. Articles with more information are linked in the corresponding section. 

    Changing the Data Collection Intervals

    ControlUp provides great granularity for aggregating data from your Azure environment. This enables you to refresh data in the Real-Time Console and the web UI more frequently, and to benefit from a better real-time experience. You can define time intervals in seconds for which data is aggregated. Refer to the Azure Integration: Data Collection Intervals article to learn more about data collection intervals. 

    Displaying Azure Cost Types in ControlUp

    You can make use of the different Azure cost types in the Real-Time Console and web UI to streamline your Azure cost management. To learn more about how to configure cost types, refer to the Azure Integration: Collecting Cost Metrics.

    Was this article helpful?