Onboarding Azure Accounts to Yotascale™ Software
To onboard your Azure accounts with Yotascale, we need to make sure your Azure account type meets the minimum criteria, and that you have a user available with the required roles.
Note: we will ask you to log in to your Azure console from the Yotascale Azure onboarding. We are not storing your credentials. All we need is to get access to your Cost Export Files. The login is to allow us to be able to get access to the Storage Keys for the Container where the Cost Export Files are saved.
Summary of the Steps to Onboard Your Azure Subscriptions
You need to have a user that has Reader and Data Access to your Billing Account and Subscriptions
Yotascale will read Export Files for each Subscription for Cost Usage and Purchase data. No user credentials are stored
The Roles that are required are for Billing Account Reader, and the Subscription Reader and Data Access
You need to onboard each of your Subscriptions for full visibility
Azure-Side Prep Work
Prerequisite 1: Azure account type
Your Azure account must be of the type: MCA (Microsoft Customer Agreement).
We need to be able to access the Cost Export Files from each of your Azure. Subscriptions in order to get resource usage and costs. If did not yet enable cost Export files for your Azure Subscriptions, this document shows how you can do it.
Prerequisite 2: Azure user that will be used to enroll with Yotascale
The Azure User that will be used to onboard with Yotascale must have these roles:
Owner (can view/manage everything, including cost configuration)
Contributor (can view/manage everything, including cost configuration, excluding access control)
Cost Management Contributor (can view/manage cost configuration)
Additionally, the Azure User that will be used to onboard with Yotascale must have one of the following Azure Active Directory roles in your organization:
Global Administrator, or
Application Developer, or
Cloud Application Administrator
These are the roles that are needed for your Azure Billing Account and Subscriptions.
Please note that the roles are done on a per Subscription level and as such you need to have access to each of your Subscriptions to onboard them with Yotascale.
Resource | Role (any of these will work) |
|---|---|
Billing Account |
|
Subscriptions |
|
Please note that for the Subscription Reader is not enough because that Role does not give access to the Cost Export Files.
To access the Export files for each Subscription, the roles in the table are the only option. This is information is clarified in this Azure document, which shows the roles needed to access the keys to the Storage Blob Data.
Prerequisite 3: Azure user needs to have
Billing Profile Owner or Billing Profile Reader role in the Billing Profile for the Azure accountRole access to Subscriptions and Billing Accounts
For each Subscription, the minimum Role needed is: Reader and Data Access
For the Subscription Billing Account, the minimum role is: Billing Reader
Theuser that will be used to onboard your Azure account with Yotascale needs to have the role of “Billing profile owner”.
If the user needs to get access to the Azure account Billing Profile then follow these steps:
From the main menu (or search) openSetup Permission for the Azure Billing Account
For each Billing Account, you want to enroll, ask your Azure Admin to:
Open the Billing Account by opening the “Cost Management + Billing” Click on
Open the “Billing Account” you need access to, in this example the “Yotascale, Inc.”
Click in Access Control (IAM)
Add the user with the role of “Billing profile owner”
NOTE: if you don’t see a Billing Profile, you need to enable it from the Subscription side:
Go to “Subscriptions”
Open the subscription you want to enable with Yotascate by clicking on its name (if you have more than one)
Click on the Settings - “Billing properties”
Click on the link in front of “Billing profile”
Click on “Access control (IAM)”
Add the user the use that will onboard with Yotascale with the Role of ” Billing profile owner” or “Billing profile reader”
Prerequisite 4: Azure Storage Account Permissions and Settings
Your Azure Storage Account needs to:
Have "write" permissions required to change the configured storage account (regardless of permissions on the export)
Be configured for blob or file storage. If possible, we recommend creating a new storage account dedicated to the cost management data with Yotascale
Setup an Azure Storage Account and Export Daily Usage and Cost Files
For each account, you need to onboard with Yotascale follow the following steps.
Please login to your Azure account with the user-defined in the “Prerequisite 2” above.
Then go and create a scheduled daily export under Cost Management in case you do not have created it already. Follow this Azure guide to create
Click in “Add +” and add the Role of “Billing Account Reader” to the user that will onboard with Yotascale
Save and you’re done with the Billing Account
Setup Permissions to each Azure Subscription
If the user still does not have Reader and Data Access (or a superior Role) to your Subscriptions, please follow these steps.
For each Subscription:
Open the Subscriptions page from Search or Menu:
Click on the Subscription you want to add
Click on Access Control (IAM)
Click on “+ Add” to add a Role
Add the “Reader and Data Access” Role or a Superior Role. Select the user you want to add
Save it and you’re done with Subscription Permissions
Register the Resource Provider for the Azure Subscription where you want to store Cost Export files to allow for CostExport
It may happen (because of security company policy) that the Azure Subscription where you will create Export files is not registered to allow the Export service to run.
If that is the case, you will see an error stating that the Resource is not Registered.
you need to then Register the export service.
From Subscription - Resource Providers, go and “Register” the “Microsoft.CostManagementExports” and “Microsoft.CostManagement” as in this screenshot:
Setup Daily Usage and Purchase Export Files for Actual and Amortized Billing
You need to have Daily Export Files for Usage and Purchase enabled per Subscription so that Yotascale can read your usage and costs details.
For each of your Subscriptions follow these steps to enable the Export Files, in case you have not done it yet.
If you do actually already have created Export, but you see an error showing that we cannot read them, then it is because your IAM Role to the Subscription does not allow us to programmatically read from your Export files.
Please make sure you have one of these permission Roles to your Azure Subscription by following these steps.
Resource | Role |
Subscriptions |
|
To create Export files for a Subscription, you can either follow the steps highlighted below or follow the steps from this Azure guide to creating such an Export.
This needs to be done for both:
Actual cost (Usage and Purchases) - Select to export standard usage and purchases
Amortized cost (Usage and Purchases) - Select to export amortized costs for purchases like Azure reservations
These are the steps to enable the Cost Export Files for a Subscription:
Go to your Cost Management and BIlling in your Azure account that you want to onboard with Yotascale
Click in the Billing Account you want to onboard with Yotascale
Click on Exports on the left menu at the bottom:
Example of what it looks like:
After you save, you’re done with Export Files. Remember you need to do this for the two types of billing data (Actual and Amortized).
Yotascale Side Steps to Onboard Your Azure Subscriptions
Login to your Yotascale account as an “Admin”
Go to Settings - Manage Connections
Click on “Add Account” and select Azure - MCA:
Click on:
Sign in with the same user mentioned above in the Azure-Side Prerequisites section
You may get a popup to confirm your Azure Active Directory:
It is possible that you get a “Token Renewal Failed”. In that case, you need to click on Get Token:
Select the account which you want to onboard to Yotascale (once we have a token, we will fetch your Billing Account info)
Yotasale will verify that this user can read from the Billing Account, Subscription, and Export Files. If the user does have the Roles with Permission to access these resources, the user is not ready to onboard the account and needs to go back to the pre-requisites section in this document to get those Role Permissions:
Select the correct Billing Profile from the respective drop-down
Select the correct Subscription ID from the respective drop-down
The form will be auto-populated
Verify the location of your Export Files is correct and click the 'Save' button.
This is a screenshot of an example you should see before you Save the account connection:
| Status |
|---|
Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Page Properties | ||
|---|---|---|
| ||
|