> For the complete documentation index, see [llms.txt](https://docs.finops.softwareone.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.finops.softwareone.com/system/data-sources/microsoft-azure/configure-azure-access.md).

# Configure Azure Access

## Configure Azure for FinOps for Cloud

FinOps for Cloud requires an app registration to connect to your Azure subscriptions.

As you create your app registration, make a note of the following:

* Application (client) ID
* Directory (tenant) ID
* Client secret

Additionally, if you plan to add individual Azure subscriptions rather than the tenant itself, make a note of each Subscription ID to be added.

### Create the app registration

More information about creating app registrations can be found here: <https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app>

To create the app registration, follow these steps:

1. Sign in to the Azure Portal with a user that has enough permissions to create an app registration.
2. Browse to **Entra ID** > **App registrations** and select **New registration**.
3. Provide a name for the application. We recommend `FinOpsForCloud` .
4. Under **Supported account types**, select **Accounts in this organizational directory only**.
5. Select **Register** to complete the app registration.

On the app registration **Overview** page, make a note of:

1. The **Application (client) ID**.
2. The **Directory (tenant) ID**.

### Create a client secret

More information about creating a client secret can be found here: <https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-credentials?tabs=client-secret>

1. On the `FinOpsForCloud` app registration **Overview** page, expand the **Manage** menu on the left and click **Certificates & secrets**.
2. Select **New client secret** and add a description for your secret.
3. Select an expiration for the secret. SoftwareOne recommends setting an expiration value of less than 12 months.
4. Select **Add**.

Make a note of the client secret **Value** for use in FinOps for Cloud. This secret value is *never displayed again* after you leave this page.

### Find your subscription IDs

If you intend to add individual Azure subscriptions to FinOps for Cloud rather than a tenant, follow these steps to make a note of your subscription IDs.

1. In the top search field of the Azure Portal, search for **Subscriptions**.
2. For each subscription you wish to add to FinOps for Cloud, make a note of the ID in the **Subscription ID** column.

### Assign the Reader Role

When adding either individual Azure subscriptions or an Azure tenant to FinOps for Cloud, the Reader role in each subscription must be assigned to the app registration.

{% hint style="warning" %}
You must have **Owner** or **User Access Administrator** permissions on the subscription to assign roles.
{% endhint %}

1. In the top search field of the Azure Portal, search for **Subscriptions**.
2. For each subscription you wish to add to FinOps for Cloud, add the **Reader** role as follows:
   1. Select the specific subscription, then click on **Access control (IAM)** in the left menu.
   2. Click **+ Add** and select **Add role assignment**.
   3. On the **Role** tab, search for and select the **Reader** role.
   4. On the **Members** tab, set "Assign access to" to **User, group, or service principal**.
   5. Click **+ Select members**, search for `FinOpsForCloud`, and select it.
   6. Click **Review + assign** to finalize.

### Next steps

When you have completed these steps, you are ready to [Add your Azure subscriptions to FinOps for Cloud](/system/data-sources/microsoft-azure/add-your-azure-subscriptions-to-finops-for-cloud.md).


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.finops.softwareone.com/system/data-sources/microsoft-azure/configure-azure-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.