Azure plugin

For more information about what this plugin does and the data streams it retrieves, see:

Monitor your Azure environment, VMs, Functions, Cost and more.

How to add the data source

To add a data source click on the + next to Data Sources on the left-hand menu in SquaredUp. Search for the data source and click on it to open the Configure data source page.

Configuring the data source

Display Name:
Enter a name for your data source. This helps you to identify this data source in the list of your data sources.
Authentication:
You have two options to choose from for authentication, using the Sign-in button or entering Explicit application credentials:
- Sign-in button
  This will allow the Azure data source instance to access Azure from the point of view of a given user account. This gives less granular control over the permissions the data source runs with. This is not ideal from a "least privilege" point of view, but can be useful when experimenting with the data source against non-production environments. For production environments, using explicit application credentials, as described below, is recommended.
  After you click the Sign in with Microsoft button you can choose to login as an administrator of the target tenant or a non-administrator:
  See Microsoft: Manage consent to applications and evaluate consent requests
  As an administrator you can either consent for just yourself or for everyone in the organization by clicking 'Consent of behalf of your organization', see User and admin consent in Microsoft Entra ID
  The Azure data source will then use this administrator's credentials. With this in mind you may choose to Restrict access to this data source.
  
  At the Approval required prompt you must enter justification for requesting access and request approval. In SquaredUp you will see an 'access_denied - (cancel)' message until an administrator approves your request.
  An administrator of the target tenant can respond to the consent request in the Azure portal > Enterprise applications > Admin consent requests see Microsoft: Review admin consent requests.
  After consent has been granted the non-administrator must return to the Azure data source configuration and click the Sign-in with Microsoft button again. This time after signing in the message Logged in as <username> will be shown.
  The Azure data source will then use this non-administrator's credentials.
  When using OAuth to add an Azure data source, you can optionally limit the plugin imports to one or more subscription or management groups.
  1. Enter as many Subscription IDs as you require.
  2. Enter as many Management Group IDs as you require.
- Explicit application credentials
  For more granular control over the permissions the data source runs with, you may create a specific application for this purpose with only the Reader role on the areas of your tenant you wish.
  Setup and configure an app registration
  1. In the Azure portal > App registrations create a new app registration, using the default options (no redirect URL is needed). If you are adding roles you can edit an existing app registration, and add roles, for example steps 6 onwards to add Billings roles.
  2. Make a note of the Application (client) ID and the Directory (tenant) ID.
  3. In Certificates and secrets add a new secret, and make a note of the value.
    For more information see Microsoft: Use the portal to create an Microsoft Entra application and service principal that can access resources
  4. Navigate to the Subscription or Resource Group that you want to integrate and view in SquaredUp, and make a note of the ID.
    In Access control (IAM) click Add > Add role assignments and choose the Reader role.
    Search for the name of the app registration you created, select it and click Review + assign.
    Repeat these steps to integrate multiple subscriptions and resources groups.
  5. Optionally, to use the Cost data streams:
    In Access control (IAM) click Add > Add role assignments and choose the Cost Management reader role.
    Search for the name of the app registration you created, select it and click Review + assign.
  6. Optionally, to use the Billings data streams:
    Open Cost management + Billing and select the right scope from Billing scopes.
    In Access control (IAM) click Add and choose the Billing account reader role.
    Search for the name of the app registration you created, select it and click Add.
  7. Optionally, to use all the Savings plans and/or Reservations data streams:
    Open Savings plans or Reservations and select the plan you want.
    In Access control (IAM) click Add > Add role assignments and choose the Reader role.
    Search for the name of the app registration you created, select it and click Select, then Review + assign.
  Enter the explicit application credentials in SquaredUp
  1. Enter the Directory (tenant) ID, Application (client) ID, and Client secret that you noted down earlier.
    The next two fields, Subscription IDs and Management Group IDs, are both optional, but at least one Subscription or Management Group is required.
  2. Enter as many Subscription IDs as you require.
  3. Enter as many Management Group IDs as you require.
Install Sample Dashboards:
Select whether you would like to install sample dashboards with the data source. By default, this is set to on.

Optionally, select whether you would like to restrict access to this data source instance. By default, restricted access is set to off.

The term data source here really means data source instance. For example, a user may configure two instances of the AWS data source, one for their development environment and one for production. In that case, each data source instance has its own access control settings.

By default, Restrict access to this data source is set to off. The data source can be viewed, edited and administered by anyone. If you would like to control who has access to this data source, switch Restrict access to this data source to on.

Use the Restrict access to this data source dropdown to control who has access to the workspace:

By default, the user setting the permissions for the data source will be given Full Control and the Everyone group will be given Link to workspace permissions.
Tailor access to the data source, as required, by selecting individual users or user groups from the dropdown and giving them Link to workspace or Full Control permissions.
If the user is not available from the dropdown, you are able to invite them to the data source by typing in their email address and then clicking Add. The new user will then receive an email inviting them to create an account on SquaredUp. Once the account has been created, they will gain access to the organization.
At least one user or group must be given Full Control.
Admin users can edit the configuration, modify the Access Control List (ACL) and delete the data source, regardless of the ACL chosen.

Access Level:

Link to workspace	User can link the data source to any workspace they have at least Editor permissions for. Data from the data source can then be viewed by anyone with any access to the workspace. User can share the data source data with anyone they want. User cannot configure the data source in any way, or delete it.
Full Control	User can change the data source configuration, ACL, and delete the data source.

See Access control for more information.

Click Test and add to validate the data source configuration.
- Testing passed – a success message will be displayed and then the configuration will be saved.
- Testing passed with warnings – warnings will be listed and potential fixes suggested. You can still use the data source with warnings. Select Save with warnings if you believe that you can still use the data source as required with the warnings listed. Alternatively, address the issues listed and then select Rerun tests to validate the data source configuration again. If the validation now passes, click Save.
- Testing Failed – errors will be listed and potential fixes suggested. You cannot use the data source with errors. You are able to select Save with errors if you believe that a system outside of SquaredUp is causing the error that you need to fix. Alternatively, address the issues listed and then select Rerun tests to validate the data source configuration again. If the validation now passes, click Save.
You can edit any data source configurations at any time from Settings > Data Sources.
You can also add a data source from Settings > Data Sources > Add data source, but sample dashboards are not added when using this method.

Using the Azure data streams

Data streams standardize data from all the different shapes and formats your tools use into a straightforward tabular format. While creating a tile you can tweak data streams by grouping or aggregating specific columns. Depending on the kind of data, SquaredUp will automatically suggest how to visualize the result, for example as a table or line graph.

Data streams can be either global or scoped:

Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").
A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").

See Data Streams for more information.

Before you get started

Azure provider registration

For your data streams to load correctly you must ensure that the subscriptions monitored by the Azure plugin have their providers registered. If a call is made to a subscription which does not have a required provider registered, it will return a 409 Conflict error.

Refer to the Azure documentation for detailed information on registering providers in Azure.

The Azure plugin makes calls to the following providers:

providers/Microsoft.Billing
providers/Microsoft.BillingBenefits
providers/Microsoft.Capacity
providers/Microsoft.Consumption
providers/Microsoft.CostManagement
providers/Microsoft.Insights
providers/microsoft.management
providers/Microsoft.OperationalInsights
providers/Microsoft.ResourceGraph
providers/Microsoft.ResourceHealth
providers/microsoft.securityinsights

Data streams

The following data streams are installed with this plugin.

Allows you to run an Application Insights KQL query. This data stream calls the api.applicationinsights.io endpoint, and allows you to enter a custom application insights KQL query.

Scope to a Azure workspace, object that supports KQL queries, or the data source instance itself.
If you scope to an Azure Application Insights workspace, the name of the data stream will be KQL Query. If you scope to an Azure object or the data source itself, the name of the data stream will be Application Insights Query.
Depending on what you have scoped to, select Application Insights Query or KQL Query from the data stream list.
For a Application Insights Query select an Application Insights Workspace Name from the dropdown. This the name of the workspace that you wish to query. You will not need to select a name if you have already scoped to a workspace.
KQL Query:
Mustache parameters are only supported if you have scoped to an Azure object and selected the Application Insights Query. Mustache parameters are not supported if you have scoped to a workspace or the data source instance itself.
A mustache parameter is a dynamic value, the actual value will be inserted to replace the field in curly braces. For example, {{timeframe.start}} will insert the start time based on the timeframe configured within the tile, or {{name}} will insert the name of the object(s) in scope.
This data stream supplies scoped objects individually for mustache parameters. When there are multiple objects in scope this data source will send the query multiple times, once for each object. The results are then displayed together, for example in a single table.
You can use properties of objects and write them in between curly braces e.g {{name}} to use them as mustache parameters. Whenever you use mustache parameters, you need to use a scope of objects that contain the property you're referencing.
For example, if objects of type "host" have a property called name, you can use {{name}}. This will resolve {{name}} to the value of the name property of the different "host" objects used in the scope.
Optionally, enter a Timeframe, for example: PT12H.
You must also tick Ignore dashboard timeframe if you want to use the custom timeframe you have entered here.
Ticking Ignore dashboard timeframe adds the ignoreTimeFrame parameter to the data stream.
You can add the ignoreTimeFrame parameter and set it to true if you want the query to ignore the current dashboard timeframe of a dashboard.
If ignoreTimeFrame is left out or set to false, the query will use the current dashboard timeframe.
The dashboard timeframe is the current timeframe setting for a dashboard. Users can change the dashboard timeframe to see data for a different time span, for example, instead of showing data from "the last 12 hours" it can be changed to show data from "the last 7 days".
Tiles can be configured to:
Use dashboard timeframe (default). For these tiles the data shown will change when the user changes the dashboard timeframe.
Use a fixed timeframe from the options available. These tiles show a clock icon and hovering shows the fixed timeframe configured. The data will not change when the dashboard timeframe is changed.
If the dashboard timeframe is unavailable, such as when all the tiles on that dashboard are using a fixed timeframe, then the button is disabled. Likewise, if a specific timeframe is unsupported then it is disabled in the timeframe picker.
Set a default dashboard timeframe
To set the default dashboard timeframe, click the pin icon
when using the dashboard timeframe picker. This sets the initial timeframe for all viewers of the dashboard, including shared dashboards.
Tip: Indicate with the name of a tile if the tile's timeframe can be changed. For example, naming a tile "Performance during the last week" tells users that this tile always shows data for the last week. Naming a tile just "Performance" indicates to users that changing the dashboard timeframe will change the data.
Optionally, enter an API Version, for example: 2017-10-01.
If an API Version is specified, the data stream will call the endpoint https://management.azure.com/{{workspace ID}}/query.

Scope

For an individual budget
For a scope that a budget can apply to:
- Subscription
- Resource Group
- Billing Profile
- etc.

This data stream gives you the daily cost over the timeframe you selected for your objects in your scope. You are able to get the total cost of the timeframe for the objects in your scope by grouping them together.

This data stream calls the Azure Cost Management query Microsoft: Query - Usage - REST API (Azure Cost Management).

Select the configurableCost data stream (indicated by the Configurable data stream cog). Click Next to go to the Objects tab.
On the Objects tab scope to Azure subscriptions, resource groups or management groups. Click Next to go to the Query tab.
Optionally, select a Group By entry from the dropdown. You can group the data by any dimension/s, for example ResourceGroupName.
Optionally, select a Filter from the dropdown. By default the data is not being filtered. Create a filter if you want to filter data to a specific type of Resources.
Select Granularity from the dropdown. Available options are: Daily and None. Daily granularity is useful for when you want to see cost over time in the form of a line graph. None should be selected if you want to show the total cost in the form of donuts and bar charts.

Includes costs that are paid up front for the year/month/etc.
If $365 is paid up front, $1 per day is added to the cost to give a more representative view of what something is costing the organization.

Similar to the 'Invoice details' cost view in the Azure portal
Configurable
- Amortized or Actual cost

Cost broken down by Service/Service Family
Configurable
- Amortized or Actual cost

Cost broken down by Location
Configurable
- Amortized or Actual cost

Cost broken down by tag
Configurable
- Group by specific tag key
- (Optional) Filter by tag value
- Amortized or Actual cost

For the Cost - Forecast data stream to work you will need to set it to a date in the future, for example: This Month, This Quarter, This Year. The line graph will show 2 lines:

Daily cost over the selected time as Active cost up to today’s date.
Forecast line for the rest of the period.

Targets each node in the scope and shows actual and forecast accumulated cost over time. Each day is summary of the total cost so far. Set this data stream to a date in the future like: This Month, This Quarter, This Year. Shows the Actual cost for the timeline in the past and Forecast for the timeline in the future.

Scope

Billing Account
Billing Profile

The breakdown of what a user has been charged by Microsoft

Tax break down
Free credit deductions
etc.

Scope

Billing Account
Billing Profile

The breakdown of what a user has paid to Microsoft

The type of payment
Installments

This data stream calls the api.loganalytics.io endpoint, and allows you to enter a custom log analytics KQL query.

In the tile editor, filter by the Azure data source, select KQL (Logs) from the data stream list and then click Next.
Select the objects that you want to use and then click Next.
Configure the data stream:
1. KQL Query:
  Enter a KQL query to retrieve log analytics data.
  It is recommended that you first run the query in Azure DevOps to ensure that it isn't retrieving too many results. If the query displays the "Your query is consuming excessive resources" message in Azure, then the SquaredUp tile using that query will timeout.
  A mustache parameter is a dynamic value, the actual value will be inserted to replace the field in curly braces. For example, {{timeframe.start}} will insert the start time based on the timeframe configured within the tile, or {{name}} will insert the name of the object(s) in scope.
  This data stream supplies scoped objects in an array for mustache parameters. When there are multiple objects in scope this data source will send the query once with all the objects in an array.
  When the scoped objects are supplied in an array the normal mustache syntax, for example {{name}}, must be contained between {{#.}} and {{/.}} (the full-stop indicates that the whole object should be used, in this case the array of objects in scope).
  For example, a query where clause might look like:
  | where ComputerName in ( {{#.}} '{{name}}', {{/.}} '' )
  - The {{#.}} and {{/.}} indicate that what is contained within is expanded for each element in the array of objects.
  - You can use properties of objects and write them in between curly braces e.g {{name}} to use them as mustache parameters. For example, if objects of type "host" have a property called name, you can use {{name}}. This will resolve {{name}} to the value of the name property of the different "host" objects used in the scope.
  - '{{name}}', means that the name property is expanded inside single-quotes with a trailing comma.
  - The trailing single quotes '' are necessary to stop the query being rejected because a trailing comma is disallowed.
  - Whenever you use mustache parameters, you need to use a scope of objects that contain the property you're referencing.
2. Optionally, enter a Timeframe, for example: PT12H.
  You must also tick Ignore dashboard timeframe if you want to use the custom timeframe you have entered here.
  Ticking Ignore dashboard timeframe adds the ignoreTimeFrame parameter to the data stream.
  You can add the ignoreTimeFrame parameter and set it to true if you want the query to ignore the current dashboard timeframe of a dashboard.
  If ignoreTimeFrame is left out or set to false, the query will use the current dashboard timeframe.
  The dashboard timeframe is the current timeframe setting for a dashboard. Users can change the dashboard timeframe to see data for a different time span, for example, instead of showing data from "the last 12 hours" it can be changed to show data from "the last 7 days".
  Tiles can be configured to:
  Use dashboard timeframe (default). For these tiles the data shown will change when the user changes the dashboard timeframe.
  Use a fixed timeframe from the options available. These tiles show a clock icon and hovering shows the fixed timeframe configured. The data will not change when the dashboard timeframe is changed.
  If the dashboard timeframe is unavailable, such as when all the tiles on that dashboard are using a fixed timeframe, then the button is disabled. Likewise, if a specific timeframe is unsupported then it is disabled in the timeframe picker.
  Set a default dashboard timeframe
  To set the default dashboard timeframe, click the pin icon
  when using the dashboard timeframe picker. This sets the initial timeframe for all viewers of the dashboard, including shared dashboards.
  Tip: Indicate with the name of a tile if the tile's timeframe can be changed. For example, naming a tile "Performance during the last week" tells users that this tile always shows data for the last week. Naming a tile just "Performance" indicates to users that changing the dashboard timeframe will change the data.

This data stream allows you to enter a custom KQL query.

In the tile editor, filter by the Azure data source, select KQL (Resource Graph) from the data stream list and then click Next.
Select the objects that you want to use and then click Next.
Configure the data stream:
1. KQL Query:
  Enter a KQL query to retrieve data from the the Azure resource graph.
  It is recommended that you first run the query in Azure DevOps to ensure that it isn't retrieving too many results. If the query displays the "Your query is consuming excessive resources" message in Azure, then the SquaredUp tile using that query will timeout.
2. Optionally, enter an API Version, for example: 2017-10-01.

Queries Azure Metrics. This data stream calls the /{{sourceId}}/providers/microsoft.insights/metrics endpoint, and allows you to select a custom metric name.

Scope to an Azure object.
Select Monitor Metric from the data stream list.
Select the objects you want to use then click Next.
Configure the data stream:
1. Metric Name:
  Select a metric from the dropdown, for example: TotalRequests.
  Any data stream you have created can later be edited from Settings > Data Streams. For example, you may wish to change the shape for timeseries metrics from number to milliseconds.
2. Aggregation:
  Optionally, select an aggregation to group the data by.
3. Split/Filter:
  Optionally, select this check box if you want to apply splitting or filtering to the results, then configure the following settings:
  1. Apply Splitting:
    Select the property to split by. For example, StatusCode.
  2. Split Limit:
    Enter a value to limit the number of split results by.
  3. Sort:
    Select whether to display results by Ascending or Descending order. This option is set to Descending by default.
  4. Filter to property:
    Select a property to filter results by. For example, OperationType.
  5. Filter Value:
    Specify values for the filtered property to filter by. For example, ReadFeed and read.
  6. Roll-up filter:
    Select to merge results. For example, this would merge results with the same status codes.

Scope

Reservation
Billing Profile
Billing Account

Gets a historical summary of how a reservation has been applied to other resources.

e.g. what virtual machine has this reduced the cost of

Scope

Reservation
Billing Profile
Billing Account

Gets a historical summary of how effectively a reservation (or group of reservations) is being used.

Scope

Subscription
Resource Group
Billing Profile

Get recommendations for how to save costs using recommendations.

Configurable

Scope
- A single use reservation or a shared reservation
Resource type
- Virtual Machine
- Database
- etc.

Similar to Reservation Percent Utilization History.

Similar to Reservation Recommendations, with the main difference being that savings plans only support Compute so you don’t get a choice of type.

Configurable

Scope
- A single use plan or a shared plan
Term
- A 1 year or a 3 year plan

Scope

For Subscriptions when billing types are imported
For ‘Billing types’ that support them
- Billing Accounts
- Billing Profiles
- Invoice Sections
- Customers

Gets a quick now and next view of charges last month and this month

Intended to be a faster and more reliable replacement to cost where a 'total cost' is required.

Scope

Billing Accounts
Billing Profiles
Invoice Sections
Customers

The breakdown of charges that have (or will go into) an invoice.

Scope

Reservations
Savings Plans

Gets a summary of how effectively you are currently using your reservations.

Was this article helpful?

Have more questions or facing an issue?

Submit a ticket