EnrollmentReader Permission - How can I validate that I have configured the permission as per the platform requirement?

search cancel

EnrollmentReader Permission - How can I validate that I have configured the permission as per the platform requirement?

book

Article ID: 283961

calendar_today

Updated On:

Products

CloudHealth

Issue/Introduction

How can I validate that I have configured the permission as per the platform requirement?

Resolution

Within the platform:

Make sure the Service Principal is Healthy and Connected to the Active Enrollment Account.

https://apps.cloudhealthtech.com/azure_enrollments

Once the EnrollmentReader Permission is added, it may take ~1Hr to collect the Billing Account asset. Verify the Billing Account asset is visible with the billing account id matching the Enrollment Account ID.
https://apps.cloudhealthtech.com/assets/azure/billing_accounts

It may take 24-48Hrs from the initial configuration to view the Amortized Cost report which will be only available if you have an EnrollmentReader configured.
https://apps.cloudhealthtech.com/olap_reports/azure_cost/amortized_cost

At Azure:

a. Obtain the Object ID for your Service Principal from Azure Portal -> Enterprise Application Portal.

https://portal.azure.com/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview

b. Access the below Azure help document and click "Try It".

https://learn.microsoft.com/en-us/rest/api/billing/2020-05-01/billing-role-assignments/list-by-billing-account?tabs=HTTP

c. Sign in with the Azure Administrator Account.

d. Enter the BillingAccountName which will be your Enrollment ID and Click Run.

e. Looks for the principal ID (Object ID copied from Step a.) in the response Body JSON.

Feedback

thumb_up Yes

thumb_down No