Setting up Azure Cost Management Exports

Learn how to set up Cost Management Exports reports in Azure, so you can sync your Azure data to Cloud Ctrl.

• 1. Create a Cost Management Export report in Azure
• 2. Register an application and create a role assignment
  • Collect the Tenant ID
  • Register a New Application
  • Create a role assignment
• 3. Create a new Cloud Account in Cloud Ctrl

1. Create a Cost Management Export report in Azure

Cost Management Export reports are available for various Azure account types, including Enterprise Agreement (EA) and Microsoft Customer Agreement (MCA) customers. The prerequisites for this process is available from the following Microsoft page here (opens new window)

This process is the same for any of the three types of export, 'actual', 'amortized', or 'FOCUS'. Currently Cloud Ctrl only supports importing 'actual' type CME exports.

To start creating a new (or edit an existing) Cost Management Export, search for 'Cost Management + Billing' in the Azure portal. From there, navigate to Cost Management -> Exports.

Choose or change to a billing scope that includes all (or some) of the subscriptions that you want to gather usage data from.

Select 'Create' and then the 'Cost and usage (actual)' template to setup a new export.

Note: The export must be the "Cost and usage (actual)" template. This may not be available on all subscription types.

Specify a name prefix for the export report. The setup will automatically add the type of export being created to end of the name. This name can be edited later.

Next, specify the destination (Blob storage container) for where the export reports will be created by Azure. This is the location where Cloud Ctrl will ingest the export reports from. It should be located in a subscription that is able to be accessed (through trusted Azure service access) by Cloud Ctrl. It does not have to be located in the same subscription as any the subscriptions that are being exported. You will need to make a note of this location; the details will be required when you create the connection in Cloud Ctrl.

Ensure that 'CSV' format is choosen, as well as Gzip compression for the export. Please note that it may take 24 hours for the first CME report to be created by Microsoft in the destination location.

Once complete, the export report should appear in the list of exports under the choosen billing scope.

2. Register an application and create a role assignment

Microsoft Entra ID Applications are identities that you create and control within your own Microsoft Entra tenant and can be granted privileges on the resources that you specify. These applications have their own login credentials and are intended to be used in code, such as in Cloud Ctrl. The application identity and role assignment created in this step, will allow to access the destination subscription (and storage account etc.) specified in step 1.

Cloud Ctrl uses the Microsoft Entra ID Applications to connect to the Azure Resource Manager and gather metadata and metrics from your subscriptions.

For all these steps, Microsoft have published documentation covering the process in the Azure Portal. View the Microsoft Documentation (opens new window)

Collect the Tenant ID

1. Log in to the Azure Management Portal (opens new window) using tenant admin credentials.
2. From the search bar at the top of the screen, type 'Entra' and select Microsoft Entra ID.
3. Select Properties from the list.
4. From the properties screen, copy the Directory ID. This is your Tenant ID.

Register a New Application

1. Navigate to the Manage section of Microsoft Entra ID, then click App Registrations > New Registration.
   1. Enter a Name for your application.
   2. For Support Account Types, leave the default.
   3. For User Redirect URI, leave the default.
   4. Click on Register.
2. Copy the Application ID after successful registration. This is your Client ID.
3. Generate the client secret
   1. Go to Manage > Certificates & secrets
   2. Under Client Secrets, click New client secret.
   3. Add a Description for the secret and select an expiration period.
   4. Click on Add.
   5. Copy down the Client Secret Value that is generated as this cannot be displayed again. (==Important!==)

Create a role assignment

Go to the management groups blade in Azure portal which you can find here (opens new window). Select the subscription or top level management group that you specified as the destination for the automatic Cost Management Export.

After selecting the subscription/management group, go to the Access control (IAM) menu item and hit add.

Within this view configure a role assignment, with the following details:

1. Role: StorageBlobDataReader (opens new window)
2. Members: Your app registration from earlier.

3. Create a new Cloud Account in Cloud Ctrl

To start importing usage data for Microsoft Azure Cost Management Exports, you need to create an Azure Cloud Account.

• To add a new cloud account go to Settings > Cloud Accounts > Create
• The New Cloud Account window will appear, select Azure Account (Cost Management Export)

You will be prompted for a name for the Cloud Account as well as the Tenant Id, Application / Client Id and the Application / Client Secret you got from the ARM Connection.

The name is an internal name used within the platform for you to be able to identify this connection among multiple connections, e.g. Azure MSDN, Azure PAYG, etc. You also need to specify the 'Storage Account Name', the 'Container Name', the 'Directory Name' and the 'Export Name' from the automated Cost Management Export report that was created in the Azure Portal.

Once you submit, your data should start to be ingested into ; it may take up to 24hrs for your usage to fully load. Please contact our support team if you are experiencing issues.