Prerequisites

This section describes the configuration and input information needed to connect Azure Modern Commerce Agreement (MCA) billing data to Cloud Cost Optimization. For help with Azure Enterprise Agreement (Legacy) billing data, see Microsoft Azure Enterprise Agreement (Legacy).

If you are part of the Azure Cloud Solution Provider program and wish to connect your partner data to Cloud Cost Optimization for cost reporting purposes, see Microsoft Cloud Solution Provider (CSP) Partner.

The following prerequisites are required to connect your Azure MCA billing data to Cloud Cost Optimization:

1. Confirming Azure Migration Status
2. Confirming Azure Plan and Billing Scopes
3. Creating App Registration in Microsoft Entra ID
4. Adding Modern Commerce Billing Access to Your App Registration
5. Assigning Permission to Azure Storage Account

Confirming Azure Migration Status

This section enables you to confirm the Azure Modern Commerce migration status of your Azure enrollment. In order to be fully migrated to the Azure Modern Commerce experience, you must have accepted the Microsoft Customer Agreement and had your Microsoft Azure subscriptions migrated to the new Azure plan subscription type.

Note:The confirmation procedure must be done by someone with the Global Administrator role on the Azure account. If you're unable to confirm any of the following points, check with Microsoft on the status of your account's migration to Modern Commerce.

To confirm acceptance of the Microsoft Customer Agreement:

1. Sign in to the Azure portal (portal.azure.com) using your Azure account.
2. On the Azure home page, under the Tools section, click Cost Management.
3. On the Cost Management page, click Go to billing account.
4. In the left pane, click Properties. If the value of Type is Microsoft Customer Agreement, then you have accepted the agreement.
5. Copy the ID field as your Billing Account ID.
6. Continue on to the next section, Confirming Azure Plan and Billing Scopes.

Confirming Azure Plan and Billing Scopes

Next, confirm that you have at least one subscription with the Azure Plan subscription type and that you have a Billing Account billing scope available.

To confirm Azure plan and billing scope:

1. On the Cost Management page (continuing from above), in the left pane, click Azure subscriptions.
2. Confirm that you have at least one subscription whose value for Plan is Microsoft Azure Plan
3. In the left pane, click Cost Management + Billing, and then click Billing scopes.
4. Confirm that you have at least one scope whose value for Billing scope type is Billing account

If you could confirm both Step 2 and Step 4, you have an Azure plan and a Modern Commerce billing account provisioned. Continue on to the next section, Creating App Registration in Microsoft Entra ID.

Creating App Registration in Microsoft Entra ID

In this step, you will create an app registration in Microsoft Entra ID to serve as the service principal for Cloud Cost Optimization to call in to Azure to retrieve your organization's Modern Commerce billing data.

To create app registration in Microsoft Entra ID:

1. Sign in to the Azure portal (portal.azure.com) with your Azure account.
2. In the upper-left corner of the Web page, click the Show portal menu icon, and then click Microsoft Entra ID. The Microsoft Entra ID page opens.
3. In the left pane, click App registrations, and then click New registration. The Register an application page opens.
4. In the Name box, enter a name for the application (for example, ‘Cloud Cost Optimization Billing Integration’), ensure Single tenant is selected, and then click Register.
5. Hover over the Application (client) ID and click the Copy to clipboard button to record the ID as your Application ID.
6. Hover over the Directory (tenant) ID and click the Copy to clipboard button to record the ID as your Directory ID.
7. In the left pane, click Certificates & secrets, and then click New client secret. The Add a client secret dialog box opens.
8. In the Description box, enter a name for the client secret (for example, ‘Counsellings’) and from the Expires dropdown list, select your preferred expiration time.

Note:If you enter 1 year or 2 years, after this time your secret will expire and you will need to update it in Cloud Cost Optimization to continue importing billing data.

9. Click Add.
10. Hover over the secret Value and click the Copy to clipboard button to record the value as your Application Secret. (Also, for your records, note down the Expires date so you know when you will need to create a new secret and update your Cloud Cost Optimization Bill Connect.)
11. Continue on to the next section, Adding Modern Commerce Billing Access to Your App Registration.

Adding Modern Commerce Billing Access to Your App Registration

This configuration step on the Azure side is to add the Billing account reader role to the app registration created previously, so that it has access to read billing data on your organization's Modern Commerce billing account.

To add Modern Commerce billing access to your app registration:

1. Sign in to the Azure portal (portal.azure.com) with your Azure account.
2. Click the following link: Azure Cost Management - Access Control. 
3. Click Add.
4. From the Role dropdown list, select Billing account reader. If you do not see this role, you may be on a scope other than the billing account, or you may not have the required access to view the billing account scope.
5. In the Select box, enter the name of your app registration you created in Creating App Registration in Microsoft Entra ID. By default, your app registration displays in the list.
6. Select your app registration and click Save. You will see your app registration appear under the Billing Account reader section, indicating that you have assigned the app registration the Billing account reader role.

Note:It is recommended that you add your Azure App to the reader role on your subscription or management group. This will provide you with access to all resources in a read only mode.

Assigning Permission to Azure Storage Account

Note:This step is required only if you are using Exports.

If you are setting up a new storage account in the Azure portal, you must assign the Storage Blob Data Reader role to the storage account to access the blob data.

To assign permission to the storage account:

1. Sign in to the Azure portal (portal.azure.com) using your Azure account.
2. Navigate to your newly created storage account. For more information, see Creating Scheduled Exports in the Azure Portal or Creating Scheduled Exports (Preview) in the Azure Portal.
3. Click Access Control (IAM). The Access Control (IAM) page appears.
4. Click Add to add the permission to the storage account. The Add role assignment page appears.
5. Search for the Storage Blob Data Reader role and assign it to the storage account.