Azure Cost Management Exports – CSP Accounts

For Microsoft Cloud Solution Provider (CSP) customers, Cloud Ctrl integrates with Azure Cost Management Exports to collect detailed cost and usage data.

Due to Microsoft’s CSP billing model, exports can only be created at the subscription level.
However, Cloud Ctrl can now automate export creation and historical backfills when granted the required permissions.

---

Recommended Method – Automated Export Setup

If you can grant the required permissions to the Cloud Ctrl Application Credential, Cloud Ctrl will automatically:

• Create and manage Cost Management Exports for each subscription
• Schedule daily export jobs
• Perform historical backfills (up to 13 months)
• Monitor export status and recover from missed runs

This ensures consistent configuration across all CSP subscriptions with minimal manual effort.

---

Step 1. Grant Permissions

Create a Custom Role that allows Cloud Ctrl to manage exports and read usage data.
Assign this role to the Cloud Ctrl Application Credential (Service Principal) for each subscription.

{
  "Name": "CSPExportManager",
  "IsCustom": true,
  "Description": "Allows {{ $site.title }} to create and manage Cost Management Exports and read consumption data.",
  "Actions": [
    "Microsoft.Resources/subscriptions/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Resources/tags/read",
    "Microsoft.Consumption/*/read",
    "Microsoft.CostManagement/exports/*",
    "Microsoft.CostManagement/query/*",
    "Microsoft.CostManagement/views/*/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/"]
}

// The Assignable scopes "/" allows this role to applied accross all subscriptions in the tenant, 
// you could also list each subscription.

---

Step 2. Assign the Role

In the Azure Portal, open the Subscription.

1. Go to Access Control (IAM) → Add → Add role assignment.
2. Select your CSPExportManager role.
3. Assign it to the Cloud Ctrl Application Credential (Service Principal).

Repeat this step for each subscription you wish to connect.

---

Step 3. Grant Access to the Storage Account

The Cloud Ctrl Application Credential must have Owner access to the storage account container where exports will be stored.

1. Navigate to the storage account.
2. Open Access Control (IAM).
3. Add a new Role Assignment → Owner.
4. Assign to the Cloud Ctrl Application Credential.

⚠️ This permission is required for Cloud Ctrl to create containers and manage export files. It will never modify or delete unrelated content in your storage account.

---

Step 4. Connect in Cloud Ctrl

1. Go to Settings → Azure → Add
2. Select Azure Account (Cost Management Export).
3. Enter:
   • Name: A name for your connection
   • Azure Tenant ID
   • Azure Application (Client) Id from you App Registration
   • Azure Client Secret from you App Registration
   • Storage Account Name
   • Container Name
4. Click Submit to validate and save the connection.

Cloud Ctrl will confirm permissions and automatically:

• Create daily Cost Management Exports for each connected subscription
• Run historical exports to populate prior months of data
• Begin continuous data ingestion

---

Manual Setup (Alternative Method)

If your organisation cannot grant the required permissions, you can manually create exports for each subscription.

Please follow the Standard Export process for Per Subscription Exports

After connecting:

• Once ingestion begins, data will appear in your Cost Explorer and Budgets dashboards.
• Initial imports can take several minutes depending on file size and number of subscriptions.