Azure Integration

Learn how to import and integrate your Azure data into Ardoq with these four easy-to-follow steps guide.

Kristine Marhilevica avatar
Written by Kristine Marhilevica
Updated this week

Contents

Follow these steps to set up an integration:

1. Navigate to the Integrations page:

Ardoq azure integrations set up

2. Click the Azure Beta logo:

3. To set up your connection, please add a Connection name, Directory (tenant) ID, Application (client) ID, and Client secret. Please follow the below intructions before creating the connection in Ardoq:
1. Add Ardoq application to your Azure tenant
1. Go to your azure tenant from Microsoft Entra ID -> Add -> Enterprise application -> Select Ardoq
2. After application has been added. You'll need the `Application ID`

If you have already added the application before, Go to Microsoft Entra ID -> Enterprise applications to find your previously created application.

2. Open console (powershell for Windows) and log in (should redirect to the browser): > az login
3. Assign a role for the added application above with the scope you want to grant permissions.
1. Eg: If you want to grant Reader role permission for a particular subscription,
> az role assignment create --assignee <your_application_id> --role Reader --scope /subscriptions/<your_subscription_id>
2. If you want to use multiple subscriptions, you have to execute the above command for each subscription id.

Enter your Azure credentials. Once you have created the connection, you will see it under the tab Connections.

4. To create a new import, click Create new import in the top right corner.

5. On the first step of the import, please select what connection you would like to use, then select the location(s) of the servers and subscription(s). Finally, please select the resource groups and resource types you would like to import.

The resources you can choose to import are:

Analysis service servers

App Service Plans

Availability sets

Disks

Hybrid machines

Load balancers

Locations

Managed clusters

Management groups

Microsoft SQL databases

Microsoft SQL managed databases

Microsoft SQL managed instances

Microsoft SQL servers

Network security groups

Network security rules

Resource groups

SQL databases

SQL servers

SQL virtual clusters

SQL virtual machines

Subscriptions

Tag values

Tags

Virtual machine extensions

Virtual machines

Virtual network subnets

Virtual networks

Zones

microsoft.aad/domainservices

microsoft.alertsmanagement/actionrules

microsoft.alertsmanagement/smartdetectoralertrules

microsoft.analysisservices/servers

microsoft.appconfiguration/configurationstores

microsoft.cache/redis

microsoft.cdn/profiles

microsoft.cognitiveservices/accounts

microsoft.compute/availabilitysets

microsoft.compute/diskencryptionsets

microsoft.compute/disks

microsoft.compute/galleries

microsoft.compute/images

microsoft.compute/proximityplacementgroups

microsoft.compute/snapshots

microsoft.compute/virtualmachines

microsoft.compute/virtualmachinescalesets

microsoft.containerinstance/containergroups

microsoft.containerregistry/registries

microsoft.containerservice/containerservices

microsoft.containerservice/managedclusters

microsoft.databox/jobs

microsoft.databricks/workspaces

microsoft.datafactory/factories

microsoft.datalakeanalytics/accounts

microsoft.datalakestore/accounts

microsoft.datashare/accounts

microsoft.dbformariadb/servers

microsoft.dbformysql/servers

microsoft.dbforpostgresql/servers

microsoft.deploymentmanager/servicetopologies

microsoft.deploymentmanager/steps

microsoft.devops/pipelines

microsoft.devtestlab/labs

microsoft.documentdb/databaseaccounts

microsoft.domainregistration/domains

microsoft.eventgrid/domains

microsoft.eventgrid/topics

microsoft.eventhub/clusters

microsoft.eventhub/namespaces

microsoft.hanaonazure/hanainstances

microsoft.hanaonazure/sapmonitors

microsoft.hdinsight/clusters

microsoft.healthcareapis/services

microsoft.hybridcompute/machines

microsoft.hybriddata/datamanagers

microsoft.importexport/jobs

microsoft.insights/actiongroups

microsoft.insights/activitylogalerts

microsoft.insights/alertrules

microsoft.insights/autoscalesettings

microsoft.insights/components

microsoft.insights/metricalerts

microsoft.insights/privatelinkscopes

microsoft.insights/webtests

microsoft.keyvault/vaults

microsoft.kusto/clusters

microsoft.labservices/labaccounts

microsoft.logic/integrationaccounts

microsoft.logic/integrationserviceenvironments

microsoft.logic/workflows

microsoft.machinelearning/commitmentplans

microsoft.machinelearning/webservices

microsoft.machinelearningservices/workspaces

microsoft.maintenance/maintenanceconfigurations

microsoft.managedidentity/userassignedidentities

microsoft.maps/accounts

microsoft.media/mediaservices

microsoft.migrate/projects

microsoft.mixedreality/remoterenderingaccounts

microsoft.mixedreality/spatialanchorsaccounts

microsoft.network/applicationgateways

microsoft.network/applicationsecuritygroups

microsoft.network/azurefirewalls

microsoft.network/bastionhosts

microsoft.network/ddosprotectionplans

microsoft.network/expressroutecircuits

microsoft.network/expressroutegateways

microsoft.network/expressrouteports

microsoft.network/firewallpolicies

microsoft.network/frontdoors

microsoft.network/ipgroups

microsoft.network/loadbalancers

microsoft.network/localnetworkgateways

microsoft.network/natgateways

microsoft.network/networkexperimentprofiles

microsoft.network/networkinterfaces

microsoft.network/networkprofiles

microsoft.network/networksecuritygroups

microsoft.network/networkwatchers

microsoft.network/p2svpngateways

microsoft.network/privateendpoints

microsoft.network/privatelinkservices

microsoft.network/publicipaddresses

microsoft.network/publicipprefixes

microsoft.network/routefilters

microsoft.network/routetables

microsoft.network/serviceendpointpolicies

microsoft.network/virtualhubs

microsoft.network/virtualnetworkgateways

microsoft.network/virtualnetworks

microsoft.network/virtualnetworktaps

microsoft.network/virtualrouters

microsoft.network/virtualwans

microsoft.network/vpngateways

microsoft.network/vpnsites

microsoft.notificationhubs/namespaces

microsoft.operationalinsights/clusters

microsoft.operationsmanagement/solutions

microsoft.peering/peerings

microsoft.peering/peeringservices

microsoft.portal/dashboards

microsoft.powerbidedicated/capacities

microsoft.recoveryservices/vaults

microsoft.relay/namespaces

microsoft.resources/deploymentscripts

microsoft.scheduler/jobcollections

microsoft.security/automations

microsoft.servicebus/namespaces

microsoft.servicefabric/clusters

microsoft.signalrservice/signalr

microsoft.solutions/applicationdefinitions

microsoft.solutions/applications

microsoft.solutions/jitrequests

microsoft.sql/instancepools

microsoft.sql/managedinstances

microsoft.sql/servers

microsoft.sql/virtualclusters

microsoft.sqlvirtualmachine/sqlvirtualmachinegroups

microsoft.sqlvirtualmachine/sqlvirtualmachines

microsoft.storage/storageaccounts

microsoft.storagecache/caches

microsoft.storagesync/storagesyncservices

microsoft.storsimple/managers

microsoft.streamanalytics/streamingjobs

microsoft.web/certificates

microsoft.web/connectiongateways

microsoft.web/connections

microsoft.web/customapis

Note:

  • It is recommended to select only the resource types that you will be using as it will be much faster to load.

6. Click on the Next button in the bottom right corner of the page to configure your data.

7. Select a table to configure its columns, and navigate to Components. Although all Azure tables contain components, references can be created using column configurations. Select the Ardoq workspace to import the table into. You can either select an existing workspace or type a name to create a new one. Configure the columns to map the values to the correct Ardoq concepts.

10. Click the Review Import button to get a summary of what the import result will be. Finally, click the Import My Data button to execute the actual import.



How To Schedule Your Import

After a successful test run, you have the option to schedule your import. You can choose to import on a daily or weekly basis.



FAQ

Why does the Resource Groups preview show all resource groups even though I have selected only a single resource group?

The Resource Group type is considered a special case as it will list all resource groups that the role has access to regardless of which you have selected.


Unable to Authenticate While setting up the Integration.

For secret-based authentication, Please create an app in your tenant.

The following instruction should be relevant but can be a little outdated in a part of navigation to different Azure sections. In general, you should follow documentation by Microsoft, for example:

https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

One of the ways to set up is to create a secret and assign a Reader role at the subscription level as follows. Create app and client secret:

1. Log in Azure portal.
2. Open the “App registration” section and add a new app. For example, name it “Ardoq integration”.
3. Open “Authentication” and create Secret. After that, we can log in, but a list of regions etc will be empty. We can log in only, we do not have access to data.Assign Reader role on subscription level:
1. Open Subscriptions and click Subscription.
2. Open Access control.
3. Click Add in the Role assignment section, there are 3 fields to assign:
3.1 Role: Reader.
3.2 Assign access to: Azure AD user, group or service principal (it is the default value).
3.3 Select the application we created before.
3.4 Click Save. It may take some seconds for Azure to save changes, after that it should be possible to log in and read regions etc in Ardoq.

Note: Currently users with a role of admin can only configure the integration.

Did this answer your question?