Azure Integration
Connect your Microsoft Azure subscriptions using App Registration and service principal authentication.
Overview
CosmosCost integrates with Microsoft Azure using the Cost Management API and Azure Resource Manager. An Azure App Registration with a service principal provides secure, auditable access to your cost and usage data.
Key Features
Service Principal Auth
Secure, auditable access via Azure AD
Read-Only Access
Cannot modify Azure resources
Cost Management API
Detailed cost breakdowns by resource
Multi-Subscription Support
Connect multiple subscriptions under one tenant
Prerequisites
- Active Azure subscription
- Azure AD permissions to create App Registrations
- Ability to assign roles at subscription scope
- CosmosCost Business or Business+ plan
Quick Setup
Step 1: Create an App Registration
- Open Azure Portal
- Navigate to Azure Active Directory → App registrations
- Click New registration
- Enter a name (e.g.,
CosmosCost Integration) - Select Accounts in this organizational directory only
- Leave Redirect URI empty
- Click Register
Step 2: Note the Application Details
From the App Registration overview, copy:
- Application (client) ID
- Directory (tenant) ID
Step 3: Create a Client Secret
- Go to Certificates & secrets
- Click New client secret
- Add a description (e.g., "CosmosCost access")
- Choose expiration period (recommend 12 or 24 months)
- Click Add
- Copy the secret value immediately - it won't be shown again
Important
Copy the client secret value immediately after creation. Azure only shows it once. You'll need to create a new secret if you lose it.
Step 4: Assign Role to Service Principal
- Navigate to your Subscription in Azure Portal
- Go to Access control (IAM)
- Click Add → Add role assignment
- Select the Reader role
- Click Next
- Choose User, group, or service principal
- Click Select members
- Search for your App Registration name
- Select it and click Select
- Click Review + assign
Repeat to add the Cost Management Reader role:
- Click Add → Add role assignment again
- Select Cost Management Reader role
- Assign to the same service principal
- Click Review + assign
Step 5: Get Your Subscription ID
- Go to Subscriptions in Azure Portal
- Click on your subscription
- Copy the Subscription ID from the Overview page
Step 6: Connect in CosmosCost
- Log in to your CosmosCost dashboard
- Navigate to Settings → Cloud Accounts
- Click Add Cloud Account
- Select Microsoft Azure
- Enter the following:
- Tenant ID
- Subscription ID
- Application (Client) ID
- Client Secret
- Click Connect Account
Success!
Your Azure subscription is connected. Initial sync may take up to 24 hours.
Required Information Summary
| Field | Where to Find |
|---|---|
| Tenant ID | Azure AD → App registrations → Your app → Overview |
| Subscription ID | Subscriptions → Your subscription → Overview |
| Application (Client) ID | Azure AD → App registrations → Your app → Overview |
| Client Secret | Azure AD → App registrations → Your app → Certificates & secrets |
Multi-Subscription Setup
To connect multiple Azure subscriptions:
- Use the same App Registration for all subscriptions in a tenant
- Assign Reader and Cost Management Reader roles on each subscription
- Add each subscription separately in CosmosCost using the same credentials
- Or assign roles at the Management Group level for automatic access to all subscriptions
Troubleshooting
Connection Failed
- Verify all IDs are copied correctly
- Check client secret hasn't expired
- Confirm roles are assigned to service principal
No Data Appearing
- Wait 24 hours for initial sync
- Verify subscription has billable usage
- Check Cost Management Reader role is assigned
Permission Errors
- Verify roles at subscription scope
- Wait 5-10 minutes for role propagation
- Review Azure Activity Log for denied requests
Still having issues? Check troubleshooting guide or contact support.