The Azure connector for Elimity Insights fetches principals, roles and subscriptions from Azure so you can keep in control of your environment. 

Follow the instructions below to set up the connector for your environment.

How it works

• Elimity Insights periodically fetches principals, roles and subscriptions from Azure.
• Write Elimity Insights queries to review and monitor updates to the data, or leverage existing queries.
• Configure these stored queries to take action when the Elimity Insights data changes.

Integration requirements

Setting up an Azure source in Elimity Insights requires:

• a global administrator in Azure to set up an app registration,
• a user in Elimity Insights with the role Connector Admin or higher.

Integration instructions

Follow the following steps to set up an Azure source in Elimity Insights:

1. In Azure, open the overview of your tenant's app registrations by typing 'app registrations' in the global search bar and clicking the 'App registrations' service. Next, click the 'New registration' button.
   
   
2. Choose a name for this integration (e.g., "Elimity Insights integration"). Leave the default for "Supported account types" and "Redirect URI". Click "Register" and note down both the client identifier and the tenant identifier.
   
   
3. Now add a secret to the app registration so that Elimity Insights can use the Azure API as this app. Click "Certificates & secrets" in the menu on the left and add a new client secret. Immediately note down the value of your new secret.
   
   
4. Next, make sure your Azure user account is a global administrator, and that your access rights are elevated. Refer to the official documentation for detailed instructions. This is necessary to assign roles to the app registration in your tenant's root management group. If you're only interested in subscriptions within a specific management group, then you can skip this step.
   
   
5. Open the overview of your tenant's management groups by typing 'management groups' in the global search bar and clicking the 'Management groups' service. Next, click the root management group (or another specific one if you do not want to import all subscriptions) and then click the 'Access control (IAM)' item in the side navigation menu. Click 'Add' in the top-left corner of the main content panel, and select 'Add role assignment'. Select the 'Reader' role and click 'Next'. Now click 'Select members', search for your newly created app registration, select it and click 'Next' again. Finally, click 'Review + assign'.
   
6. If you elevated your access rights in step 4, then we recommend removing it again as we'll no longer need it now. Again, refer to the official documentation for detailed instructions.
   
   
7. Provide your Azure tenant identifier, the client identifier and the client secret in the Elimity Insights connector setup form.