Microsoft Azure Cloud Services and VM Monitoring

In order for Netreo to discover VMs (virtual machines) and/or services from your Azure account, some configuration must be done in Azure before configuring Netreo. Follow the instructions in the Azure Configuration section first, then follow the instructions in the Netreo Configuration section. When both sections are complete, Netreo will begin scanning for and automatically adding your Azure VMs and/or services for monitoring.

Netreo can collect the following metrics from virtual machines running on Azure:

• Percentage CPU
• Network In
• Network Out
• Disk Read Bytes
• Disk Write Bytes
• Disk Read Operations/Sec
• Disk Write Operations/Sec
• CPU Credits Remaining

See Microsoft's Azure documentation for more information about these statistics.

Azure Configuration

The instructions below use Microsoft's latest official documentation, which can be found here: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

To make things as easy as possible, each step below includes a direct link to the exact section of the Microsoft instructions you will need to follow, along with any Netreo-specific instructions for configuration. Each link opens in a new tab for convenience.

While performing the steps below, you will need to record several values (to be entered into Netreo later). Be prepared to make a note of them as they come up.

Follow these steps to configure your Azure account for Netreo monitoring.

1. Create and register a new application with Azure AD by following the instructions under Register an application with Azure AD and create a service principal, then return here and continue to step 2.
   • It is recommended to name the application something like "Netreo Azure Monitoring" so it is clear what the application is for.
   • Use single tenant for the supported account types selection.
   • No redirect URI is necessary.
2. Assign a role to the application by following the instructions under Assign a role to the application, then return here and continue to step 3.
   • Assign the role of Contributor.
3. Configure authentication for the application by following the instructions under Authentication: Two options, then return here and continue to step 4.
   • Use Option 2: Create a new application secret.
   • Record the value for your application secret so it may be entered into Netreo later.
4. Retrieve the application and directory ID values by following the instructions under Get tenant and app ID values for signing in, then return here and continue to step 5.
   • Record the values for the Application (client) ID and Directory (tenant) ID so they may be entered into Netreo later.
5. Retrieve the subscription ID by following the instructions in the document linked below, then return here and continue to step 6.
   • https://docs.microsoft.com/en-us/azure/media-services/latest/setup-azure-subscription-how-to?tabs=portal
   • Record the value for your Subscription ID so it may be entered into Netreo later.
6. Continue to the Netreo configuration instructions below.

Netreo Configuration

As a reminder, you will need the following information from the steps above:

• Your Azure AD application name.
• Your application secret.
• Your Application (client) ID.
• Your Directory (tenant) ID.
• Your Subscription ID.

After you have completed the steps in the Azure configuration instructions above and registered an application in Azure AD, you must log in to Netreo to configure it to communicate with your application.

1. Log in to Netreo as a user with the SuperAdmin access level.
2. Navigate to the Cloud Monitoring Administration page by selecting Administration > Modules > Cloud Monitoring from the main menu.
3. In the Azure section, select Add Azure.
4. In the dialog that appears:
   1. In the NAME field, enter the name of your Azure AD application.
   2. In the APPLICATION ID field, enter your Application (client) ID.
   3. In the APPLICATION KEY field, enter your application secret.
   4. In the TENANT ID field, enter your Directory (tenant) ID.
   5. In the SUBSCRIPTION ID field, enter your Subscription ID.
   6. If you want Netreo to poll discovered VMs (virtual machines) for availability and performance monitoring, select the checkbox for the AUTOMATIC GUESTS POLLING & MONITORING  field.
      • If you uncheck this option, Netreo will discover and add Azure VMs as managed devices but will not monitor them for availability or performance.
   7. Select Save.

Azure OAUTH 2.0 Configuration

In order for Netreo to use the OAUTH 2.0 options in its email configuration, you must set up some settings in your Microsoft Azure account.

The instructions below make use of the following official Microsoft documentation: Quickstart: Register an application with the Microsoft identity platform

For your convenience, each step in the instructions below will include a link directly to the applicable section of those instructions.

1. Register an application in Azure using the instructions found here.
   1. When you have finished registering your application, a summary page appears. Many of the values required to configure Netreo to work with this application can be found on this summary page. The summary page can later be found in Azure by clicking on the name of the application in the applications list while logged in to the Azure portal.
2. Configure the platform settings for your application using the instructions found here.
   1. For the application type, select "Web" under the Web Application section.
   2. While configuring the settings, use the following for the redirect URI: https://localhost/fw/index.php?r=email-art/authenticate-oauth2 (Replace "localhost" with the address of your Netreo deployment)
3. Add credentials to your application using the instructions found here.
   1. When done adding credentials, make note of the "Value" of your client secret (not its "Secret ID"). You will need this value when configuring Netreo to work with this application.
4. Add API permissions to your application using the instructions below.
   1. From your application's Manage menu on the left select API permissions.
   2. In the Configured permissions area select Add a permission.
      1. Select Microsoft Graph.
      2. Select Delegated Permissions.
         1. In the permissions list, locate and select the following permissions:
            • offline_access
            • IMAP.AccessAsUser.All
            • POP.AccessAsUser.All
            • SMTP.Send
            • User.Read
      3. Select Add permission.
   3. After all permissions are added, select Grant admin consent for (your application) at the top of the permissions list to make sure all permissions are correctly granted.
5. You are finished configuring Azure for OAUTH 2.0 use in Netreo.

After the configuration is complete, Netreo begins its scheduled polling of your Azure account (approximately every hour) to detect any supported VMs and/or services. It may take some time for the polling process to complete so please be patient.