Microsoft Azure Enterprise Agreement (Modern Commerce)

Cloud Cost Optimization uses bill data to provide an accurate view of your costs across accounts and services. This data is consumed by the Flexera One platform and made available for pre-built and ad-hoc analyses. In order to gather the cost information, certain configuration steps must be performed with specific data and credentials being shared with Cloud Cost Optimization.

This section describes the configuration and input information needed to connect Azure Enterprise Agreement (Modern Commerce) billing data to Cloud Cost Optimization. For help with Azure Enterprise Agreement (Legacy) billing data, see Microsoft Azure Enterprise Agreement (Legacy).

If you are part of the Azure Cloud Solution Provider program and wish to connect your partner data to Cloud Cost Optimization for cost reporting purposes, see Microsoft Cloud Solution Provider (CSP) Partner.

The following steps must be completed to connect your Azure Enterprise Agreement (Modern Commerce) billing data to Cloud Cost Optimization for cost reporting purposes:

Confirm Azure Migration Status
Confirm Azure Plan and Billing Scopes
Create App Registration in Azure Active Directory (AD)
Add Modern Commerce Billing Access to Your App Registration
Create Azure MCA Enterprise Bill Connect in Cloud Cost Optimization. For instructions on using Cloud Cost Optimization to add or update billing information, see Adding New Billing Data or Updating Billing Data Configurations. For instructions on connecting your cloud accounts to Policies, see Managing Credentials for Policy Access to External Systems.

You now have everything you need to create your Azure MCA Enterprise Bill Connect in Cloud Cost Optimization. The final step is to add the billing information into Cloud Cost Optimization.

For instructions on using Cloud Cost Optimization to add or update billing information, see Adding New Billing Data or Updating Billing Data Configurations.
For instructions on connecting your cloud accounts to Policies, see Managing Credentials for Policy Access to External Systems.
For recommendations it is advised to add your Azure App to the reader role on your subscription or management group. This will provide you with access to all resources in a read only mode.

Confirm Azure Migration Status

The purpose of this section is to confirm the Azure Modern Commerce migration status of your Azure enrollment. In order to be fully migrated to the Azure Modern Commerce experience, you must have accepted the Microsoft Customer Agreement (MCA) and had your Microsoft Azure subscriptions migrated to the new Azure plan subscription type.

Note:The confirmation procedure must be done by someone with the Global Administrator role on the Azure EA account. If you're unable to confirm any of the points below, check with Microsoft on the status of your EA account's migration to Modern Commerce.

To confirm acceptance of Microsoft Customer Agreement:

1. Sign in to the Azure portal (portal.azure.com) using your Azure EA account.
2. On the Azure home page, under the Tools section, click Cost Management.
3. On the Cost Management page, click Go to billing account.
4. In the left pane, click Properties. If the value of Type is Microsoft Customer Agreement, then you have accepted the MCA.
5. Copy the portion of the ID field before the first ':' character as your Billing Account ID.

For example, if the full Billing Account Name is 1bc3aca-5016-4db0-a6bc-1111fccdf72b:5efda3d-936b-4534-99cf-46b0d0a1211e_2018-09-30, then the Billing Account ID would be 1bc3aca-5016-4db0-a6bc-1111fccdf72b 

6. Continue on to the next section, Confirm Azure Plan and Billing Scopes.

Confirm Azure Plan and Billing Scopes

Next, confirm that you have at least one subscription with the Azure Plan subscription type and that you have a Billing Account billing scope available.

To confirm Azure plan and billing scope:

1. On the Cost Management page (continuing from above), in the left pane, click Azure subscriptions.
2. Confirm that you have at least one subscription whose value for Plan is Microsoft Azure Plan
3. In the left pane, click Cost Management + Billing, and then click Billing scopes.
4. Confirm that you have at least one scope whose value for Billing scope type is Billing account

If you could confirm both Step 2 and Step 4, you have an Azure plan and a Modern Commerce billing account provisioned. Continue on to the next section, Create App Registration in Azure Active Directory (AD).

Create App Registration in Azure Active Directory (AD)

In this step, you will create an app registration in Azure AD to serve as the service principal for Cloud Cost Optimization to call in to Azure to retrieve your organization's Modern Commerce billing data.

To create app registration in Azure Active Directory:

1. Sign in to the Azure portal (portal.azure.com) with your Azure EA account.
2. In the upper-left corner of the Web page, click the Show portal menu icon, and then click Azure Active Directory. The Azure Active Directory page opens.
3. In the left pane, click App registrations, and then click New registration. The Register an application page opens.
4. In the Name box, enter a name for the application (for example, Cloud Cost Optimization Billing Integration), ensure Single tenant is selected, and then click Register.
5. Hover over the Application (client) ID and click the Copy to clipboard button to record the ID as your Application ID.
6. Hover over the Directory (tenant) ID and click the Copy to clipboard button to record the ID as your Directory ID.
7. In the left pane, click Certificates & secrets, and then click New client secret. The Add a client secret dialog box opens.
8. In the Description box, enter a name for the client secret (for example, Counsellings) and from the Expires dropdown list, select your preferred expiration time.

Note:If you enter 1 year or 2 years, after this time your secret will expire and you will need to update it in Cloud Cost Optimization to continue importing billing data.

9. Click Add.
10. Hover over the secret Value and click the Copy to clipboard button to record the value as your Application Secret. (Also, for your records, note down the Expires date so you know when you will need to create a new secret and update your Cloud Cost Optimization Bill Connect.)
11. Continue on to the next section, Add Modern Commerce Billing Access to Your App Registration.

Add Modern Commerce Billing Access to Your App Registration

The last required configuration step on the Azure side is to add the Billing account reader role to the app registration created previously, so that it has access to read billing data on your organization's Modern Commerce billing account.

To add Modern Commerce Billing access to your app registration:

1. Sign in to the Azure portal (portal.azure.com) with your Azure EA account.
2. Click the following link: Azure Cost Management - Access Control. 
3. Click Add.
4. From the Role dropdown list, select Billing account reader. If you do not see this role, you may be on a scope other than the billing account, or you may not have the required access to view the billing account scope.
5. In the Select box, enter the name of your app registration you created in Create App Registration in Azure Active Directory (AD). By default, your app registration displays in the list.
6. Select your app registration and click Save. You will see your app registration appear under the Billing Account reader section, indicating that you have assigned the app registration the Billing account reader role.

You now have everything you need to create your Azure MCA Enterprise Bill Connect in Cloud Cost Optimization. The final step is to add the billing information into Cloud Cost Optimization.

For instructions on using Cloud Cost Optimization to add or update billing information, see Adding New Billing Data or Updating Billing Data Configurations.
For instructions on connecting your cloud accounts to Policies, see Managing Credentials for Policy Access to External Systems.
For recommendations it is advised to add your Azure App to the reader role on your subscription or management group. This will provide you with access to all resources in a read only mode.