Skip to main content
Skip table of contents

How to onboard an Azure MCA Account

Onboarding Azure Accounts to Yotascale™ Software

To onboard your Azure accounts with Yotascale, we need to make sure your Azure account type meets the minimum criteria, and that you have a user available with the required roles. 

Note: we will ask you to log in to your Azure console from the Yotascale Azure onboarding. We are not storing your credentials. All we need is to get access to your Cost Export Files. The login is to allow us to be able to get access to the Storage Keys for the Container where the Cost Export Files are saved.

Summary of the Steps to Onboard Your Azure Subscriptions

  1. You need to have a user that has Reader and Data Access to your Billing Account and Subscriptions

  2. Yotascale will read Export Files for each Subscription for Cost Usage and Purchase data. No user credentials are stored

  3. The Roles that are required are for Billing Account Reader, and the Subscription Reader and Data Access

  4. You need to onboard each of your Subscriptions for full visibility

Azure-Side Prep Work

Prerequisite 1: Azure account type

Your Azure account must be of the type: MCA (Microsoft Customer Agreement).
We need to be able to access the Cost Export Files from each of your Azure. Subscriptions in order to get resource usage and costs. If did not yet enable cost Export files for your Azure Subscriptions, this document shows how you can do it.

Prerequisite 2: Azure user that will be used to enroll with Yotascale

These are the roles that are needed for your Azure Billing Account and Subscriptions.
Please note that the roles are done on a per Subscription level and as such you need to have access to each of your Subscriptions to onboard them with Yotascale.

Resource

Role (any of these will work)

Billing Account

  • Billing Account Reader

  • Billing Account Contributor

  • Billing Account Owner

Subscriptions

  • Reader and Data Access

  • Storage Account Contributor

  • Contributor

  • Owner

Please note that for the Subscription Reader is not enough because that Role does not give access to the Cost Export Files.
To access the Export files for each Subscription, the roles in the table are the only option. This is information is clarified in this Azure document, which shows the roles needed to access the keys to the Storage Blob Data.

Prerequisite 3: Azure user needs to have Role access to Subscriptions and Billing Accounts

For each Subscription, the minimum Role needed is: Reader and Data Access
For the Subscription Billing Account, the minimum role is: Billing Reader
The user that will be used to onboard your Azure account with Yotascale needs to have the role of “Billing profile owner”.

Setup Permission for the Azure Billing Account

For each Billing Account, you want to enroll, ask your Azure Admin to:

  1. Open the Billing Account by opening the “Cost Management + Billing”

  2. Open the “Billing Account” you need access to, in this example the “Yotascale, Inc.”

  3. Click in Access Control (IAM)

  4. Click in “Add +” and add the Role of “Billing Account Reader” to the user that will onboard with Yotascale

  6. Save and you’re done with the Billing Account

Setup Permissions to each Azure Subscription

If the user still does not have Reader and Data Access (or a superior Role) to your Subscriptions, please follow these steps.

For each Subscription:

  1. Open the Subscriptions page from Search or Menu:

  2. Click on the Subscription you want to add

  3. Click on Access Control (IAM)

  4. Click on “+ Add” to add a Role

  5. Add the “Reader and Data Access” Role or a Superior Role. Select the user you want to add

  7. Save it and you’re done with Subscription Permissions

Register the Resource Provider for the Azure Subscription where you want to store Cost Export files to allow for CostExport

It may happen (because of security company policy) that the Azure Subscription where you will create Export files is not registered to allow the Export service to run.

If that is the case, you will see an error stating that the Resource is not Registered.

you need to then Register the export service.

From Subscription - Resource Providers, go and “Register” the “Microsoft.CostManagementExports” and “Microsoft.CostManagement” as in this screenshot:

Setup Daily Usage and Purchase Export Files for Actual and Amortized Billing

You need to have Daily Export Files for Usage and Purchase enabled per Subscription so that Yotascale can read your usage and costs details.

For each of your Subscriptions follow these steps to enable the Export Files, in case you have not done it yet.
If you do actually already have created Export, but you see an error showing that we cannot read them, then it is because your IAM Role to the Subscription does not allow us to programmatically read from your Export files.

Please make sure you have one of these permission Roles to your Azure Subscription by following these steps.

Resource

Role

Subscriptions

  • Reader and Data Access

  • Storage Account Contributor

  • Contributor

  • Owner

To create Export files for a Subscription, you can either follow the steps highlighted below or follow the steps from this Azure guide to creating such an Export. 

This needs to be done for both:

  • Actual cost (Usage and Purchases) - Select to export standard usage and purchases

  • Amortized cost (Usage and Purchases) - Select to export amortized costs for purchases like Azure reservations 

These are the steps to enable the Cost Export Files for a Subscription:

  1. Go to your Cost Management and BIlling in your Azure account that you want to onboard with Yotascale

  2. Click in the Billing Account you want to onboard with Yotascale

  3. Click on Exports on the left menu at the bottom:

  5. Example of what it looks like:

After you save, you’re done with Export Files. Remember you need to do this for the two types of billing data (Actual and Amortized).

Yotascale Side Steps to Onboard Your Azure Subscriptions

  1. Login to your Yotascale account as an “Admin”

  2. Go to Settings - Manage Connections

  3. Click on “Add Account” and select Azure - MCA:

  5. Click on:

  6. Sign in with the same user mentioned above in the Azure-Side Prerequisites section

  7. You may get a popup to confirm your Azure Active Directory:

  8. It is possible that you get a “Token Renewal Failed”. In that case, you need to click on Get Token:

  9. Select the account which you want to onboard to Yotascale (once we have a token, we will fetch your Billing Account info)

  10. Yotasale will verify that this user can read from the Billing Account, Subscription, and Export Files. If the user does have the Roles with Permission to access these resources, the user is not ready to onboard the account and needs to go back to the pre-requisites section in this document to get those Role Permissions:

  12. Select the correct Billing Profile  from the respective drop-down 

  13. Select the correct Subscription ID from the respective drop-down 

  14. The form will be auto-populated

  15. Verify the location of your Export Files is correct and click the 'Save' button.

  16. This is a screenshot of an example you should see before you Save the account connection:


DEFAULT



JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close