Azure Cost Management Exports – CSP Accounts

For Microsoft Cloud Solution Provider (CSP) customers, Cloud Ctrl integrates with Azure Cost Management Exports to collect detailed cost and usage data.

Due to Microsoft’s CSP billing model, exports can only be created at the subscription level.
However, Cloud Ctrl can now automate export creation and historical backfills when granted the required permissions.

If you can grant the required permissions to the Cloud Ctrl App Registration, Cloud Ctrl will automatically:

  • Create and manage Cost Management Exports for each subscription
  • Schedule daily export jobs
  • Perform historical backfills (up to 13 months)
  • Monitor export status and recover from missed runs

This ensures consistent configuration across all CSP subscriptions with minimal manual effort.

Step 1. Create a Custom Role

Create a Custom Role that allows Cloud Ctrl to manage exports and read usage data.

To create the custom role in Azure Portal:

  1. Navigate to any SubscriptionAccess control (IAM)
  2. Click Add → Add custom role
  3. Enter the role name: CSPExportManager
  4. Select Start from scratch
  5. On the Permissions tab, click Add permissions and add:
    • Microsoft.Resources/subscriptions/read
    • Microsoft.Resources/subscriptions/resourceGroups/read
    • Microsoft.Resources/tags/read
    • Microsoft.Consumption/*/read
    • Microsoft.CostManagement/exports/*
    • Microsoft.CostManagement/query/*
    • Microsoft.CostManagement/views/*/read
  6. On the Assignable scopes tab, select the subscriptions or management group where this role should be available
  7. Click Review + create

Alternatively, use this JSON definition (via Azure CLI or PowerShell):

{
  "Name": "CSPExportManager",
  "IsCustom": true,
  "Description": "Allows for creating and managing Cost Management Exports and read consumption data.",
  "Actions": [
    "Microsoft.Resources/subscriptions/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Resources/tags/read",
    "Microsoft.Consumption/*/read",
    "Microsoft.CostManagement/exports/*",
    "Microsoft.CostManagement/query/*",
    "Microsoft.CostManagement/views/*/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/"]
}

💡 The AssignableScopes: ["/"] allows this role to be applied across all subscriptions in the tenant. You can also specify individual subscription IDs.

Step 2. Assign the Role

In the Azure Portal, open the Subscription.

  1. Go to Access Control (IAM) → Add → Add role assignment.
  2. Select your CSPExportManager role.
  3. Assign it to the Cloud Ctrl App Registration.

Repeat this step for each subscription you wish to connect.

Step 3. Grant Access to the Storage Account

Cloud Ctrl needs Storage Blob Data Owner access to a storage account to create containers and manage export files automatically.

💡 Use the dedicated storage account you created earlier. If you haven't created one yet, do that first.

To grant access:

  1. Navigate to the Storage Account in the Azure Portal
  2. Click Access control (IAM) in the left menu
  3. Click Add → Add role assignment
  4. Choose the role: Storage Blob Data Owner
  5. Select Members: your Cloud Ctrl App Registration
  6. Click Review + assign

⚠️ This permission is required for Cloud Ctrl to create containers and manage export files.
Cloud Ctrl will never modify or delete unrelated content in your storage account.

Step 4. Add a Credential in Cloud Ctrl

  1. Go to Settings → Cloud Connections → Microsoft Azure
  2. Click + Add Credential
  3. Enter:
    • Azure Tenant ID
    • Azure Application (Client) ID from your App Registration
    • Azure Client Secret from your App Registration
  4. Click Save to validate and store the credential.

Step 5. Add a Cloud Account in Cloud Ctrl

  1. From Settings → Cloud Connections → Microsoft Azure, scroll down to the Cloud Accounts section
  2. Click + Add Cloud Account
  3. Select the credential you just added
  4. Select Microsoft Azure Cost Management Export as the account type
  5. Enter:
    • Name: A name for your cloud account
    • Automatically manage exports must be checked
    • Storage Account Name
    • Container Name
  6. Click Submit to validate and save the cloud account.

Add CME Automated

Cloud Ctrl will confirm permissions and automatically:

  • Create daily Cost Management Exports for each connected subscription
  • Run historical exports to populate prior months of data
  • Begin continuous data ingestion

Tips

When a new subscription is added, to include it in the automated reporting please assign the custom role permissions in Step 1.

Manual Setup (Alternative Method)

If your organisation cannot grant the required permissions, you can manually create exports for each subscription.

Please follow the Standard Export process for per Subscription Exports

After connecting:

  • Once ingestion begins, data will appear in your Cost Explorer and Budgets dashboards.
  • Initial imports can take several minutes depending on file size and number of subscriptions.
  • (Optional) Once you have confirmed that data for the current month has imported successfully, feel free to run Cost Management Exports for any historical months you would also like imported. This can be done for each export from the Azure portal by selecting the export by name and then '→ Export selected dates' option.

What's Next