Cloud Services

ModernOps configuration

Azure Cloud prerequisites configuration
Published On Sep 06, 2024 - 10:40 AM

Azure Cloud prerequisites configuration

Learn the prerequisites needed before onboarding a new Microsoft Azure account.
Before Enterprise Marketplace users can access data and applications in Azure, ensure Azure has been configured to enable that access.

Batch account

The Azure account used in Enterprise Marketplace must have a MicrosoftAzureBatch Contributor role set up. If the role does not already exist in the Azure account, the Catalog Admin must manually create this role. See the "Create a custom Role using Azure CLI" tutorial at https://learn.microsoft.com/en-us/ for instructions on setting up a custom role.

Key vault

If an Azure service offering instance in Enterprise Marketplace uses an existing key vault to store Azure passwords or other secret information, the MicrosoftAzureBatch policy must exist in the key vault access policies. The policy properties for 
enabledForDeployment and enabledForTemplateDeployment
 must be set to the value true.
See the the "Microsoft.Azure.Management.KeyVault Namespace" and "Set-AzureRmKeyVaultAccessPolicy" documentation at https://learn.microsoft.com/en-us/ for more information on how to configure these policy properties.

AD graph API

Before using the Azure AD Graphic API to access Azure Active Directory (AD) information, you must set up access privileges in Azure. Failure to set up these privileges will result in insufficient privileges to complete the operation error. Set up the following permissions in Azure AD:
  • Read directory data
  • Read and write directory data
For details on configuring this access, see the article "Azure Active Directory Graph API" at https://learn.microsoft.com/en-us/.
Do you have two minutes for a quick survey?
Take Survey