Azure Account Onboarding Overview
Welcome to the CloudYali Azure Account Onboarding Guide! This document serves as an overview of onboarding for Microsoft Azure accounts.
CloudYali uses Service Principals to securely access and manage data from your Azure subscriptions, allowing read-only access for cost management and anomaly detection. This guide will link you to the detailed instructions for each account type.
Supported Azure Account Types
CloudYali supports all major Azure account types:
| Account Type | Best For | Setup Complexity |
|---|---|---|
| Pay-as-You-Go (PAYG) | Startups, small teams | Simple |
| Microsoft Customer Agreement (MCA) | Growing businesses | Medium |
| Enterprise Agreement (EA) | Large enterprises | Medium |
Overview of Onboarding Options
1. Azure Cost Management Setup
This onboarding method helps you set up Cost Management Exports by connecting your cost data with CloudYali. This allows you to track and manage cloud costs using daily cost exports to Azure Storage.
-
Who Should Use This? Use this option if you need detailed cost tracking and analysis for your Azure resources.
-
Features:
- Set up a Service Principal with minimal permissions.
- Configure Cost Management Exports to Azure Storage Account.
- Monitor cloud spend for your Azure subscriptions.
- Receive automatic cost anomaly detection.
- Track usage by resource, location, and tags.
For detailed instructions, please refer to the Azure Cost Management Setup Guide.
Security Considerations
Key Security Benefits:
- Service Principal Security: CloudYali uses a dedicated Service Principal for Azure integration, ensuring that CloudYali has access only to the necessary data for cost management.
- Minimal Permissions: CloudYali uses only Cost Management Reader (PAYG/EA) or Billing Account Reader (MCA) roles - never requesting WRITE permissions.
- Encrypted Credentials: Service Principal credentials are encrypted with AES-256 and stored in AWS Secrets Manager, never in the application database.
- Read-Only Access: CloudYali can only read cost and usage data; it cannot create, modify, or delete any Azure resources.
- Storage Security: Cost exports are stored in Azure Blob Storage with private access; CloudYali uses Storage Blob Data Reader role for read-only access.
General Onboarding Steps
Step 1: Log in to CloudYali Console
- Navigate to your CloudYali portal (e.g., https://portal.cloudyali.com)
- Click Settings in the main menu
- Click Cloud Accounts or Integrations
- Click + Add Cloud Account
- Select Microsoft Azure
Step 2: Choose Your Azure Account Type
CloudYali will guide you to select your account type:
- Pay-as-You-Go (PAYG)
- Microsoft Customer Agreement (MCA)
- Enterprise Agreement (EA)
Not sure which type you have? Follow this guide:
- Go to Azure Portal → Cost Management + Billing
- See only subscriptions? → PAYG
- See "Billing accounts" menu? → MCA
- See "Enrollment" menu? → EA
Step 3: Create a Service Principal
Create a Service Principal in Azure with appropriate permissions for your account type:
- PAYG: Requires Cost Management Reader role at subscription level
- MCA: Requires Billing Account Reader role at billing account level
- EA: Requires Cost Management Reader or Enrollment Reader role
For detailed instructions, refer to Creating an Azure Service Principal.
Step 4: Configure Cost Management Exports
Set up daily cost exports from Azure to a Storage Account:
- Create an Azure Storage Account
- Create a Blob container for cost exports
- Configure Cost Management Export with daily schedule
- Grant Service Principal access to the storage account
For detailed instructions, refer to Configuring Cost Management Exports.
Step 5: Add Account to CloudYali
In the CloudYali portal, fill in:
- Account Name: Friendly name (e.g., "Production")
- Account Type: PAYG / MCA / EA
- Subscription ID: Your Azure subscription ID
- Tenant ID: Your Azure AD tenant ID
- Client ID: Service Principal application ID
- Client Secret: Service Principal password
- Storage Account Name: Name of your storage account
- Container Name: Name of blob container (e.g., cost-exports)
- Export Name: Name of your cost export
Step 6: Save Configuration
- Click Save or Connect
- CloudYali will begin syncing your cost data automatically
- Data will be available within 24 hours
Data Sync Timeline
After connecting your Azure account:
| Timeframe | What Happens |
|---|---|
| 0-24 hours | Initial data retrieval and processing begins |
| 24+ hours | Cost data becomes available in dashboards |
| 7+ days | Anomaly detection baseline is established |
| Daily | New cost data available (typically by 8 AM UTC) |
Account Type Prerequisites
Pay-as-You-Go (PAYG)
- No special prerequisites
- Service Principal needs Cost Management Reader role on subscription
- Simple setup, typically 15-20 minutes
Microsoft Customer Agreement (MCA)
- "Azure charges" setting must be enabled at billing account level
- Service Principal needs Billing Account Reader role at billing account scope
- Verify in: Cost Management + Billing → Billing account properties
Enterprise Agreement (EA)
- Enterprise Admin must enable "Account Owner (AO) view charges" at enrollment level
- Service Principal needs Cost Management Reader or Enrollment Reader role
- Contact your Enterprise Admin if this isn't enabled
Permissions Reference
For a complete list of required permissions and what CloudYali can and cannot access, refer to the Azure Permissions Reference.
Troubleshooting
Common Issues
Authentication Failed
- Verify Client ID, Tenant ID, and Client Secret are correct
- Check if Client Secret has expired
- Confirm Service Principal exists in Azure AD
- Wait 5-10 minutes for role assignments to propagate
Cannot Access Storage
- Verify Service Principal has "Storage Blob Data Reader" role
- Check storage account name and container name match CloudYali configuration
- Ensure cost exports are being generated in Cost Management
No Cost Data Available
- Wait 24 hours for initial data sync
- Verify cost management export is configured and running
- Check export frequency is set to "Daily"
For more troubleshooting, refer to the complete Azure Onboarding Guide.
Next Steps
Once your Azure account is connected:
-
Wait for Baseline (7-14 days)
- CloudYali needs 7+ days of data to establish cost baselines
- Anomaly detection becomes more accurate over time
-
Set Up Budgets (Optional)
- Go to Budgets → + Create Budget
- Set monthly/weekly budget thresholds
-
Configure Notifications (Optional)
- Go to Settings → Notifications
- Set up Email or Microsoft Teams alerts
-
Tag Resources (Recommended)
- Tag Azure resources with Environment, Team, Project, etc.
- CloudYali uses tags for cost allocation and anomaly analysis
Need Help?
If you encounter any issues or need more assistance:
- Email Support: support@cloudyali.io
- Documentation: Check our Azure Integration Guide
- Support Portal: https://support.cloudyali.io
Response Times:
- Email support: Within 24 hours
- Live chat: Immediate during business hours
- Critical issues: Within 4 hours