Azure plugin

For more information about what this plugin does and the data streams it retrieves, see:

Monitor your Azure environment, VMs, Functions, Cost and more.

To add a data source click on the + next to Data Sources on the left-hand menu in SquaredUp. Search for the data source and click on it to open the Configure data source page.

You can also add a data source by clicking Add data source on the Settings > Data Sources page, but pre-built dashboards are not added when using this method.

Before you start

When configuring the data source and selecting the Authentication method, you have two options to choose from - clicking the Sign-in button or entering Explicit application credentials.

Entering Explicit application credentials is highly recommended, as this option gives greater granular control over which permissions the data source uses. To enforce a "least privilege" approach, you can configure an application in Azure with only the Reader role assigned and that is restricted to certain areas of your tenant.

In the Azure portal, navigate to App registrations and do one of the following:
- If you don't have an app registration for SquaredUp, create a new one using the default options (no redirect URL is needed).
- If you already have an app registration configured for SquaredUp, you can simply edit it and add roles.
Make a note of the Application (client) ID and the Directory (tenant) ID.
In Certificates and secrets add a new secret, and make a note of the value.
For more information see Microsoft: Use the portal to create an Microsoft Entra application and service principal that can access resources.
Navigate to the Subscription or Resource Group that you want to integrate and view in SquaredUp, and make a note of the ID.
1. In Access control (IAM) click Add > Add role assignments and choose the Reader role.
2. Search for the name of the app registration you created, select it and click Review + assign.
3. Repeat these steps to integrate multiple subscriptions and resources groups.
Optionally, to use the Cost data streams:
1. In Access control (IAM) click Add > Add role assignments and choose the Cost Management reader role.
2. Search for the name of the app registration you created, select it and click Review + assign.
Optionally, to use the Billings data streams:
1. Open Cost management + Billing and select the right scope from Billing scopes.
2. In Access control (IAM) click Add and choose the Billing account reader role.
  If you don't see billing account reader or you cannot assign it to your application then see the Enterprise agreementoption when selecting a Billing Account Type, as this advises how to assign permissions via the Azure API.
3. Search for the name of the app registration you created, select it and click Add.
Optionally, to use all the Savings plans and/or Reservations data streams:
1. Open Savings plans or Reservations and select the plan you want.
2. In Access control (IAM) click Add and choose the Billing account reader or Enrollment reader role.
3. Search for the name of the app registration you created, select it and click Select, then Review + assign.

Configuring the data source

Display Name:
Enter a name for your data source. This helps you to identify this data source in the list of your data sources.
Authentication:
You have two options to choose from for authentication, using the Sign-in button or entering Explicit application credentials:.
- Sign-in button :
  Allows the Azure data source instance to access Azure from the perspective of a given user account, with limited granular control over the permissions the data source runs with.
  
  After clicking the Sign in with Microsoft button you can choose to login as either an administrator or a non-administrator of the target tenant (see Microsoft: Manage consent to applications and evaluate consent requests).
  As an administrator you can either consent for just yourself or for everyone in the organization by clicking 'Consent of behalf of your organization', see User and admin consent in Microsoft Entra ID
  The Azure data source will then use this administrator's credentials. With this in mind you may choose to Restrict access to this data source.
  At the Approval required prompt you must enter justification for requesting access and request approval. In SquaredUp you will see an 'access_denied - (cancel)' message until an administrator approves your request.
  An administrator of the target tenant can respond to the consent request in the Azure portal > Enterprise applications > Admin consent requests see Microsoft: Review admin consent requests.
  After consent has been granted the non-administrator must return to the Azure data source configuration and click the Sign-in with Microsoft button again. This time after signing in the message Logged in as <username> will be shown.
  The Azure data source will then use this non-administrator's credentials.
- Explicit application credentials:
  The recommended authentication method, allowing you to assign granular permissions when configuring explicit application credentials. You must enter the following for the app registration you configured in Azure:
  - Directory (tenant) ID
  - Application (client) ID
  - Client secret
Subscription IDs:
Do the following depending on your Authentication method:
- Sign-in button: By default (when no Subscription ID is specified), objects are indexed from all the subscription IDs you have access to. Optionally, enter specific Subscription IDs to import so that only those specified objects are indexed.
- Enter the Subscription IDs to import. You may enter as many as required, but at least one must be specified.
Management Group IDs:
Do the following depending on your Authentication method:
- By default (when no Management Group ID is specified), objects are indexed from all the Management Group IDs you have access to. Optionally, enter specific Management Group IDs to import so that only those specified objects are indexed.
- Enter the Management Group IDs to import. You may enter as many as required, but at least one must be specified.
Billing Account Type:
Select the billing account type of your Azure instance. Choose from:
- Microsoft Customer Agreement/Microsoft Partner Agreement/Microsoft Online Services Program: The default option. This is automated and requires no further configuration beyond granting permission to read the billing account.
- Enterprise Agreement: This option requires you to specify a Billing Account ID and one or more Enrollment Account IDs.
  
  When using an Enterprise Agreement, you must use the Azure REST API to assign Enrollment Reader to an Azure Service Principal (SPN) OR use the Sign-in button authentication button and authenticate with an account that has been granted Enrollment Reader.
  
  As there is no user interface to assign this role to an SPN, it must be performed via the API, as described here. You can easily make requests to the Azure API using the Azure CLI.
Install Dashboards:
Select whether you would like to install pre-built dashboards and perspectives with the data source. By default, this is set to on.

Restrict access to this data source:
You can enable this option if you only want certain users or groups to have access to the data source, or the permission to link it to new workspaces. See data source access control for more information.

The term data source here really means data source instance. For example, a user may configure two instances of the AWS data source, one for their development environment and one for production. In that case, each data source instance has its own access control settings.

By default, Restrict access to this data source is set to off. The data source can be viewed, edited and administered by anyone. If you would like to control who has access to this data source, switch Restrict access to this data source to on.

Use the Restrict access to this data source dropdown to control who has access to the workspace:

By default, the user setting the permissions for the data source will be given Full Control and the Everyone group will be given Link to workspace permissions.
Tailor access to the data source, as required, by selecting individual users or user groups from the dropdown and giving them Link to workspace or Full Control permissions.
If the user is not available from the dropdown, you are able to invite them to the data source by typing in their email address and then clicking Add. The new user will then receive an email inviting them to create an account on SquaredUp. Once the account has been created, they will gain access to the organization.
At least one user or group must be given Full Control.
Admin users can edit the configuration, modify the Access Control List (ACL) and delete the data source, regardless of the ACL chosen.

Access level	Permissions
Link to workspace	User can link the data source to any workspace they have at least Editor permissions for. Data from the data source can then be viewed by anyone with any access to the workspace. User can share the data source data with anyone they want. User cannot configure the data source in any way, or delete it.
Full Control	User can change the data source configuration, ACL, and delete the data source.

See Access control for more information.

Click Test and add to validate the data source configuration. SquaredUp will now attempt to connect to SquaredUp using the provided authentication method. If this process fails, see Testing and troubleshooting for assistance with the corresponding errors.

Next steps

Azure provider registration

For your data streams to load correctly you must ensure that the subscriptions monitored by the Azure plugin have their providers registered. If a call is made to a subscription which does not have a required provider registered, it will return a 409 Conflict error.

Refer to the Azure documentation for detailed information on registering providers in Azure.

The Azure plugin makes calls to the following providers:

providers/Microsoft.Billing
providers/Microsoft.BillingBenefits
providers/Microsoft.Capacity
providers/Microsoft.Consumption
providers/Microsoft.CostManagement
providers/Microsoft.Insights
providers/microsoft.management
providers/Microsoft.OperationalInsights
providers/Microsoft.ResourceGraph
providers/Microsoft.ResourceHealth
providers/microsoft.securityinsights

Data streams

Data streams standardize data from all the different shapes and formats your tools use into a straightforward tabular format.

While creating a tile you can tweak data streams by grouping or aggregating specific columns.

Depending on the kind of data, SquaredUp will automatically suggest how to visualize the result, for example as a table or line graph.

Data streams can be either global or scoped:

Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").
A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").

See Data Streams for more information.

The following data streams are installed with this plugin.

Data stream	Description
Availability	Get the availability status of an item or set of items
Availability Percentage	Percentage of successfully completed availability tests
Availability Test Count	Count of availability tests
Availability Test Duration	Availability test duration
Available Memory	Physical memory immediately available for allocation
Available Memory Bytes	Amount of physical memory, in bytes, immediately available for allocation to a process or for system use
Average CPU Percentage	Average CPU percentage
Average Memory Working Set	Average amount of memory used by the app
Blocked by Firewall	Number of requests blocked by firewall
Budget	Get the current state of a budget or list of budgets
Budget Overview	Get the current state of any budget applied to the scope
Composite Disk Read Bytes/sec	Bytes/sec read from disk during monitoring period
Composite Disk Read Operations/sec	Number of read IOs performed on a disk during monitoring period
Composite Disk Write Bytes/sec	Bytes/sec written to disk during monitoring period
Composite Disk Write Operations/sec	Number of Write IOs performed on a disk during monitoring period
Cost with forecast	Actual and forecast cost by day
Cost with forecast (accumulated)	Accumulated actual and forecast cost by day
Disk Read Bytes/Sec	Bytes/ Sec read from a single disk during the monitoring period
Data Disk Read Operations/Sec	Read IOPS from a single disk during monitoring period
Data Disk Write Bytes/sec	Bytes/Sec written to a single disk during monitoring period
Data Disk Write Operations/Sec	Write IOPS from a single disk during monitoring period
Data Space Allocated	Allocated data storage
DataFactory Integration Runtime Health	Gets Integration Runtime health
DataFactory Integration Runtime Metrics	Gets Integration Runtime Metrics. Only available for Self Hosted Integration RunTimes.
DTU Percentage	DTU percentage
DTU Used	DTU Used
Exceptions per Second	Count of handled and unhandled exceptions reported to windows
Failed Connections	Number of failed connections
Guest VM Metric	Guest VM Metric
HTTP 4xx	Number of requests resulting in HTTP status code 4xx
HTTP 5xx	Number of requests resulting in HTTP status code 5xx
Invoice History	Gets a historical invoice summary
Invoice Payment History	Gets a historical summary of invoice payments
IO Bytes Read	IO Bytes Read
IO Bytes Written	IO Bytes Written
IO Requests Count	IO Requests Count
Network In Total	The number of bytes received on all network interfaces
Network Out Total	The number of bytes out on all network interfaces
OS Disk Read Bytes/sec	Bytes/Sec read from a single disk during monitoring period for OS disk
OS Disk Read Operations/Sec	Read IOPS from a single disk during monitoring period for OS disk
OS Disk Write Bytes/sec	Bytes/Sec written to a single disk during monitoring period for OS disk
OS Disk Write Operations/Sec	Write IOPS from a single disk during monitoring period for OS disk
Overall Web Test Availability	Overall web test availability
Percentage CPU	The percentage of allocated compute units that are currently in use
Process CPU Percentage	The percentage of elapsed time that all process threads used the processor to execute instructions
Process IO Bytes per Second	Total bytes per second read and written to files, network and devices
Process Private Bytes	Memory exclusively assigned to the monitored application's processes
Processor CPU Percentage	The percentage of time that the processor spends in non-idle threads
Request Execution Time	Execution time of the most recent request
Requests in Queue	Length of the application request queue
Requests per Second	Rate of all requests to the application per second from ASP.NET
Reservation Cost Details	Gets cost details for a reservation from the reservation order. Scopes to `Reservation`. Requires billing permissions.
Reservation Normalized Hours History	Gets a historical summary of utilization in normalized hours. Utilization data may be delayed by up to 24 hours. The data displayed for the last day may be inaccurate.
Reservation Percent Utilization History	Gets a historical summary of reservation percentage utilization. Utilization data may be delayed by up to 24 hours. The data displayed for the last day may be inaccurate.
Reservation Transactions	Gets reservation transactions for a billing scope. Scopes to `Billing Account` and `Billing Profile`.
Savings Plan Percent Utilization History	Gets a historical summary of savings plan percentage utilization. Utilization data may be delayed by up to 24 hours. The data displayed for the last day may be inaccurate.
Sentinel Alerts	Get a list of Microsoft Sentinel alerts
Sentinel Incidents	Get a list of Microsoft Sentinel incidents
Sessions Percentage	Sessions percentage
Storage Percent	Storage percentage
Storage Space Reserved	Storage space reserved
Storage Space Used	Storage space used
Subscription Charges	Get the state of charges on a subscription or list of subscriptions
Subscription Charges Overview	Get the state of charges on any subscription in scope
Successful Connections	Number of successful connections
Time Since Last Web Test Outage	Time since last web test outage
Top Longest Web Test Outages	Top longest web test outages
Total Web Test Down Time	Total web test down time
Total Web Test Outages	Total web test outages
Transactions	Gets transactions for a billing scope
Utilization Summary	Gets the current utilization summary of the item.
Virtual Core Count	Virtual Core Count
Web Test Overview	Web Test Overview
Workers Percentage	Workers Percentage

Configurable data streams

The following data streams have configurable Parameters.

Data stream	Description	Parameters
Availability History	Get the availability history of an item or set of items	Apply timeframe to field: Pick a field from the response to filter the response by.
Alterts	Gets a list of alerts for an item or set of items.	Monitor Condition: Optionally, specify a monitor condition to filter results by. Severity: Optionally, specify the severity of the alert to filter results by.
Cost	Group cost by dimension and/or filter by resource type	Group By: Optionally, select a grouping dimension. Filter: Optionally, select a resource type to filter by. Granularity: Select the level of granularity. Metric Type: Select the type of usage detail to return from the API.
Cost (By Tag)	Group cost by tag	Group By Tag : Select a tag to group by. Filter By Tag: Select a tag to filter by. Filter by tag: Optionally, select a tag to filter by. Metric Type: Select the type of usage detail to return from the API. Choose from: Actual Cost Amortized Cost Cumulative cost: Select this checkbox to view the total cost accumulated over a period of time.
Cost (Invoice Details)	Invoice style cost	Metric Type: Select the type of usage detail to return from the API. Choose from: Actual Cost Amortized Cost
Cost (Location)	Location cost by day	Metric Type: Select the type of usage detail to return from the API. Choose from: Actual Cost Amortized Cost
Cost (Service)	Service cost	Metric Type: Select the type of usage detail to return from the API. Choose from: Actual Cost Amortized Cost
KQL Log Analytics	Query Log Analytics workspace	KQL Query: Enter a KQL query to retrieve log analytics data. It is recommended that you first run the query in Azure to ensure that it isn't retrieving too many results. If the query displays the "Your query is consuming excessive resources" message in Azure, then the SquaredUp tile using that query will timeout. This data stream supplies scoped objects in an array for mustache parameters. When there are multiple objects in scope this data source will send the query once with all the objects in an array. When the scoped objects are supplied in an array the normal mustache syntax, for example `{{name}}`, must be contained between `{{#.}}` and `{{/.}}` (the full-stop indicates that the whole object should be used, in this case the array of objects in scope). For example, a query where clause might look like: `\| where ComputerName in ( {{#.}} '{{name}}', {{/.}} '' )` The `{{#.}}` and `{{/.}}` indicate that what is contained within is expanded for each element in the array of objects. You can use properties of objects and write them in between curly braces e.g `{{name}}` to use them as mustache parameters. For example, if objects of type "host" have a property called `name`, you can use `{{name}}`. This will resolve `{{name}}` to the value of the name property of the different "host" objects used in the scope. `'{{name}}',` means that the name property is expanded inside single-quotes with a trailing comma. The trailing single quotes `''` are necessary to stop the query being rejected because a trailing comma is disallowed. Whenever you use mustache parameters, you need to use a scope of objects that contain the property you're referencing. Ignore dashboard timeframe: If selected, the Timeframe entered below will be used instead. Timeframe: Optionally, supply an ISO duration to override the dashboard timeframe
KQL Log Analytics (object-aware)	Run a KQL log query using a specific collection and optional mustache replacement	KQL Query: Enter a KQL query to retrieve data from the the Azure resource graph. It is recommended that you first run the query in Azure to ensure that it isn't retrieving too many results. If the query displays the "Your query is consuming excessive resources" message in Azure, then the SquaredUp tile using that query will timeout. API Version: Optionally, enter an API Version, for example: `2017-10-01`.
KQL Resource Graph	Run a KQL Query on the Azure Resource Graph	KQL Query: Enter a KQL query to retrieve data from the the Azure resource graph. It is recommended that you first run the query in Azure to ensure that it isn't retrieving too many results. If the query displays the "Your query is consuming excessive resources" message in Azure, then the SquaredUp tile using that query will timeout. API Version: Optionally, enter an API Version, for example: `2017-10-01`.
KQL Resource Graph (object-aware)	Run a KQL resource graph query using a collection scope and optional mustache replacement	KQL Query: Enter a KQL query to retrieve data from the the Azure resource graph. It is recommended that you first run the query in Azure to ensure that it isn't retrieving too many results. If the query displays the "Your query is consuming excessive resources" message in Azure, then the SquaredUp tile using that query will timeout. API Version: Optionally, enter an API Version, for example: `2017-10-01`.
Monitor Metric	Monitor Metric	Metric Name: Select a metric from the dropdown, for example: `TotalRequests`. Any data stream you have created can later be edited from Settings > Data Streams. For example, you may wish to change the shape for timeseries metrics from `number` to `milliseconds`. Aggregation: Optionally, select an aggregation to group the data by. Split/Filter: Optionally, select this check box if you want to apply splitting or filtering to the results, then configure the following settings: Apply Splitting: Select the property to split by. For example, `StatusCode`. Split Limit: Enter a value to limit the number of split results by. Sort: Select whether to display results by Ascending or Descending order. This option is set to Descending by default. Filter to property: Select a property to filter results by. For example, `OperationType`. Filter Value: Specify values for the filtered property to filter by. For example, `ReadFeed` and `read`. Roll-up filter: Select to merge results. For example, this would merge results with the same status codes.
Monitor Metrics (Multi-select)	Monitor Metrics (Multi-select)	Metric Name: Select a metric from the dropdown, for example: `TotalRequests`. Any data stream you have created can later be edited from Settings > Data Streams. For example, you may wish to change the shape for timeseries metrics from `number` to `milliseconds`. Aggregation: Optionally, select an aggregation to group the data by. Split/Filter: Optionally, select this check box if you want to apply splitting or filtering to the results, then configure the following settings: Apply Splitting: Select the property to split by. For example, `StatusCode`. Split Limit: Enter a value to limit the number of split results by. Sort: Select whether to display results by Ascending or Descending order. This option is set to Descending by default. Filter to property: Select a property to filter results by. For example, `OperationType`. Filter Value: Specify values for the filtered property to filter by. For example, `ReadFeed` and `read`. Roll-up filter: Select to merge results. For example, this would merge results with the same status codes.
Savings Plan Recommendations	Get Savings Plan Recommendations for the scope	Recommendation Scope: Select the type of scope to use in recommendations. Choose from: Single Shared Recommendation Term: Select the length of the commitment.
Reservation Recommendations	Get Reservation Recommendations for the scope	Recommendation Scope: Select the type of scope to use in recommendations. Choose from: Single Shared Resource Type: Select the type of resource to get recommendations for.

Was this article helpful?

Have more questions or facing an issue?

Submit a ticket