Create an Azure service principal

In this milestone, you’ll create an Azure service principal that grants Grafana Cloud the necessary permissions to collect metrics from your Azure account. This service principal uses the principle of least privilege, providing the read-only access required for monitoring.

A service principal is an identity created for use with applications and services. In this case, the service principal allows Grafana Cloud to authenticate with Azure and read metrics data without requiring user credentials.

Create the service principal

To create an Azure service principal, complete the following steps:

  1. On the Add new credential page in Grafana Cloud, click Setup instructions.

    The setup instructions display the Azure CLI commands needed to create the service principal.

  2. Open a terminal or Azure Cloud Shell.

  3. Log in to your Azure account:

    Bash
    az login

  4. List your available subscriptions to identify which subscriptions you want to monitor:

    Bash
    az account list --output table

  5. Create a service principal with the Monitoring Reader role for each subscription you want to monitor.

    Replace <subscription-id> with your Azure subscription ID:

    Bash
    az ad sp create-for-rbac --name grafana-cloud-azure-metrics --role "Monitoring Reader" --scopes "/subscriptions/<subscription-id>"

    Note

    If a service principal with this name already exists, this command updates it with the specified role and scopes.

  6. Save the output of the command, which includes the credential information you need for the next milestone:

    JSON
    {
      "appId": "12345678-1234-1234-1234-123456789012",
      "displayName": "grafana-cloud-azure-metrics",
      "password": "your-secret-password",
      "tenant": "87654321-4321-4321-4321-210987654321"
    }
    • appId is the Client ID
    • password is the Client secret
    • tenant is the Tenant ID

Caution

Store the client secret securely. Azure displays this value only once during service principal creation. If you lose this value, you’ll need to create a new client secret.

The service principal is now created with read-only access to Azure Monitor metrics for the specified subscription.
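
To check the read-only, per-subscription claim above, this added example (not part of the original page or of Grafana's tooling) audits the JSON printed by `az role assignment list --assignee <appId> --all --output json` for the new service principal. The function name, sample input and subscription IDs are constructed for illustration.

```python
import json
import re

EXPECTED_ROLE = "Monitoring Reader"
# Scope form used by the page's command: /subscriptions/<subscription-id>
SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/([0-9a-fA-F-]{36})/?$")

def audit_assignments(assignments, expected_subscriptions):
    """Return findings; an empty list means the principal holds only
    Monitoring Reader, and only on the expected whole subscriptions."""
    expected = {s.lower() for s in expected_subscriptions}
    covered, findings = set(), []
    for a in assignments:
        role, scope = a.get("roleDefinitionName"), a.get("scope", "")
        match = SUBSCRIPTION_SCOPE.match(scope)
        if role != EXPECTED_ROLE:
            findings.append(f"unexpected role {role!r} at {scope}")
        elif not match:
            findings.append(f"{EXPECTED_ROLE} at non-subscription scope {scope}")
        elif match.group(1).lower() not in expected:
            findings.append(f"{EXPECTED_ROLE} on unlisted subscription {match.group(1)}")
        else:
            covered.add(match.group(1).lower())
    # Subscriptions you meant to monitor but that have no assignment yet
    for sub in sorted(expected - covered):
        findings.append(f"no {EXPECTED_ROLE} assignment on subscription {sub}")
    return findings

# Constructed sample input (not real Azure output); IDs are placeholders.
SUB_A = "11111111-1111-1111-1111-111111111111"
SUB_B = "22222222-2222-2222-2222-222222222222"
SAMPLE = json.loads("""[
  {"roleDefinitionName": "Monitoring Reader", "scope": "/subscriptions/%s"},
  {"roleDefinitionName": "Contributor", "scope": "/subscriptions/%s"},
  {"roleDefinitionName": "Monitoring Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/example-mg"}
]""" % (SUB_A, SUB_A))

if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE, [SUB_A, SUB_B]):
        print("FINDING:", finding)
```

Any finding means the principal's access differs from what the command in step 5 grants: an extra role, a scope other than a whole subscription, or a subscription that was missed.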

In your next milestone, you’ll use this service principal to connect your Azure account to Grafana Cloud.

