Microsoft Azure Integration

To integrate with Compute Software, complete Parts 1, 2, and 3 below to set up your subscriptions and provide access to your reservations and billing account.

Part 1: Register an Application and Set Up a Subscription in Compute Software

Steps

1. Log in to the Azure Management Portal using Admin credentials. If you have an Enterprise Agreement (EA), log in as Enterprise Admin, using Admin credentials.

2. Go to Azure's Active Directory service.

3. In Azure's Active Directory service click on App registrations.

4. Click New Registration.

   

5. Give the application a name. No need to specify a "Redirect URI." Click Register.

   

6. Once your application is ready, copy the Application ID (client ID) and save it.

7. Inside the created app registration, click Certificates & Secrets.

8. Create a new client secret.

   

9. Set description and an expiration.

   

10. Make sure to copy the Client Secret and set it aside. It will not appear again after you leave the Key settings.

    

11. Under your Active Directory's main menu, go to Properties, copy the Directory ID (a.k.a Tenant ID), and set it aside.

    

12. Now that you have created an Active Directory Application you will provide it with permissions. Under All Services, select Subscriptions. Choose the subscription you would like to provide Compute Software with a role in. In the Subscription menu select Access Control (IAM). Click Add and choose “Add role assignment.” Depending on the level of integration, select either the Contributor or Reader Role. Leave "Assign access to" as is. Search for the name of the Active Directory Application you created in Step 4 and click Save.

    Note: If your application does not appear in the Select autocomplete list enter the application name there anyway.

13. Navigate to your Subscription Overview page. Copy the Subscription ID and set it aside.

14. Go to https://app.computesoftware.com and navigate to the Integrations page under Settings. Click on Add Integration.

15. Enter a Name for your integration, and select “Azure” as the Source. Paste your Tenant ID (a.k.a. Directory ID), Client ID, Subscription ID, and Client Secret.

    

16. Click Add Integration, and your subscription will be set up on Compute Software.

Part 2: Set Up Access to Reservations

Access to reservations is needed to get information about a specific reservation and to list all reservations so the Compute Software Platform can incorporate your discounts in its optimization algorithms.

There are three options for providing access to your reservations. Option 1 is preferred, but you may choose any of the three options.

Option 1: Assign a Reservation Administrator role at the tenant level

Note: The Reservation Administrator role will allow Compute Software to obtain information about each reservation and to list all reservations. Compute Software will not be managing - modifying or purchasing - reservations with the Reservation Administrator role.

Use the following Azure PowerShell script to add a Reservation Administrator role at the tenant level with PowerShell. Use the Tenant ID and Object ID for the app previously registered.

Import-Module Az.Accounts
Import-Module Az.Resources

Connect-AzAccount -Tenant 
New-AzRoleAssignment -Scope "/providers/Microsoft.Capacity" -PrincipalId  -RoleDefinitionName "Reservations Administrator"	

Option 2: Assign a Reader Role at the tenant level

To provide access to the enterprise application, you may assign a Reader role at the tenant level.

Use the following Azure PowerShell script to assign the Reader role at the tenant level with PowerShell. Use the Tenant ID and Object ID for the app previously registered.

Import-Module Az.Accounts
Import-Module Az.Resources
 
Connect-AzAccount -Tenant 
New-AzRoleAssignment -Scope "/" -PrincipalId  -RoleDefinitionName "Reader"

Option 3: Assign a Reservation Reader role and Assign Reader role to all reservations at the tenant level

To provide access to the enterprise application, you may assign a Reader role on each of the reservation orders present at a specific point in time and assign a Reservation Reader role at the tenant level. If new reservation orders are added in the future, this script must be rerun to ensure Compute Software has read access to new reservations.

1. Use the following Azure PowerShell script to assign the Reservation Reader role at the tenant level with PowerShell. Use the Tenant ID and Object ID for the app previously registered.

   
    Import-Module Az.Accounts
    Import-Module Az.Resources
   
    Connect-AzAccount -Tenant 
   
    New-AzRoleAssignment -Scope "/providers/Microsoft.Capacity" -PrincipalId  -RoleDefinitionName "Reservations Reader"
    

2. Use the following Azure PowerShell script to assign Reader role to all reservations orders in the Azure AD tenant (directory). Use the Tenant ID and Object ID for the app previously registered.

   
    Import-Module Az.Accounts
    Import-Module Az.Resources
     
    Connect-AzAccount -Tenant 
     
    $response = Invoke-AzRestMethod -Path /providers/Microsoft.Capacity/reservations?api-version=2020-06-01 -Method GET
     
    $responseJSON = $response.Content | ConvertFrom-JSON
     
    $reservationObjects = $responseJSON.value
     
    foreach ($reservation in $reservationObjects)
    {
      $reservationOrderId = $reservation.id.substring(0, 84)
      Write-Host "Assigning Owner role assignment to "$reservationOrderId
      New-AzRoleAssignment -Scope $reservationOrderId -ObjectId  -RoleDefinitionName Owner
    }
    

Part 3: Set Up Access to Azure Billing Account

Steps

1. Sign in to the Azure portal as an Azure AD administrator.

2. In the left pane, select Azure Active Directory.

3. Under Manage, select Users.

   

4. Select New guest user.

5. On the New user page, select Invite user and then add the guest user's information.
   a) Name. The first and last name of the guest user. Use "Compute Software"
   b) Email address (required). The email address of the guest user. Use "access@computesoftware.com"
   c) Personal message (optional) Include a personal welcome message to the guest user.
   d) Groups: You can add the guest user to one or more existing groups, or you can do it later.
   e) Role Assignment: Select the Billing Reader role.

6. Select Invite to automatically send the invitation to the guest user. A notification appears in the upper right with the message Successfully invited user.

7. After you send the invitation, the user account is automatically added to the directory as a guest.