1

. Create Application and get Application ID, Directory ID

Create application in Azure Active Directory and you can then note the application ID.

1. Log on to the Microsoft Azure console

1. and press Azure Active Directory

1.  in the left navigation pane

1. .
2. Click App Registrations > New registration.

1. Provide the following details:
   1. Name: A name for the application (e.g. My_Azure_Connector)
   2. Supported account types: Select Accounts in any organizational directory

1. Click Register. The newly created is displayed with its properties. Copy

1. the Application (client)ID

1.  and Directory (tenant)IDand paste it into the connector details

1. .

2. Generate Authentication Key

Provide permission to the new application to access the Windows Azure Service Management API and create a secret key.
Provide Permission

1. Select the application that you created and go

1. to API permissions > Add a permission.

1. Select Azure Service Management API

1.  in Microsoft APIs for Request API permissions.

1. Select user impersonation

1.  permission and click Add permissions.

Create a secret key

1. Select the application that you created and go

1. to Certificates and Secrets > New client secret.
2. Add a description and expiry duration for the key (recommended: Never) and

1. click Add.
2. The value of the key appears in the Value field.

Copy the key value at this time. You won’t be able to retrieve it later. Paste the key value

as Authentication Key into the connector details. You need to provide the key value with the application ID to log on as the application. Store the key value where your application can retrieve it.

3.Acquire Subscription ID

Grant permission for the application to access

subscriptions. Assign a role to the new application. The role you assign will define the permissions for the new application to access subscriptions.

1. On the Azure portal, navigate

1. to Subscriptions.
2. Select the subscription for which you want to grant permission to the application and note the subscription ID.

Assign two roles (Reader role and a custom role to the application).Assign Reader Role

1. To grant permission to the application you created,

1. choose Access Control (IAM).
2. Go

1. to Add > Add a role assignment. Pick

1. a Reader role. A Reader can view everything but cannot make any changes to the resources of a subscription.
   

Assign Custom Role

Before you assign the custom role, create the custom role (QRole). Learn more

1. Note: You need to assign the Reader role if the same application is used in AssetView and CloudView module. If the application usage is limited to only AssetView module (and not in CloudView module), you need to have at least below permissions on the built-in or custom role assigned to the subscription. - "Microsoft.Compute/virtualMachines/read", - "Microsoft.Resources/subscriptions/resourceGroups/read", - "Microsoft.Network/networkInterfaces/read", - "Microsoft.Network/publicIPAddresses/read", - "Microsoft.Network/virtualNetworks/read", - "Microsoft.Network/networkSecurityGroups/read"
2. Select Azure AD user, group, or

1. application in Assign Access to dropdown.
2. Type the application name in Select drop-down and select the application you created.

1. Click Save

1.  to finish assigning the role. You’ll see your application in the list of users assigned to a role for that scope.
2. Copy

1. the subscription ID

1. you noted and paste it into the connector details in AMP on the New Connector page and click

1. Create Connector.