Create an Active Directory application and generate a client secret for the application in the Microsoft Azure portal. You must use the client secret when you configure a cloud account for Azure VMware Solution.

Prerequisites

  • Ensure that you are using Microsoft Azure Cloud.
  • Ensure that you have a valid subscription in the Microsoft Azure portal with an Active Directory integration.

Procedure

  1. Log in to the Microsoft Azure portal.
  2. Create an application and generate a secret for the application. For details, see Creating an Azure AD application and service principal that can access resources.
    Complete the following tasks:
    1. Create an Azure Active Directory application.
      Note:
      • Ensure that the API Permission is 'Microsoft Graph User.Read'.
      • Reader role for the Azure subscription with AVS private clouds deployed.
      • Custom role with read permissions on resource providers 'Microsoft.AVS', 'Microsoft.VMware' and 'microsoft.connectedvmwarevsphere'.
    2. Navigate to Subscriptions and select your subscription.
    3. In the left pane, click Access Control (IAM), and then click Add > Add Role Assignment. Select the role you want to assign to the application. The minimum requirement is 'Reader' or above.
      Note: To provide access to specific resources, create a Resource Group for those resources and give access at the resource group level.
    4. Click Select members, and in the right pane, search for and add one or more members you want to assign to the role for the resource.
    5. Click Review + assign.
    6. Generate a client secret for the application. For details, see Creating an Azure AD application and service principal that can access resources.
    7. Copy the subscription ID, directory (tenant) ID, application (client) ID, and client secret to use in your cloud account.
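
The same procedure with the Azure CLI, as an added example that is not part of the original documentation. The role name, the `*/read` action patterns, and the choice to assign both 'Reader' and the custom role at resource-group scope are assumptions; the script calls Azure only when run with three arguments.

```shell
#!/bin/sh
# Added example: CLI equivalent of the portal steps. Names are placeholders.
set -eu

# Assumed name for the custom role described in the note under step 1.
ROLE_NAME="AVS Read Only (example)"

# Resource-group scope, per the note on limiting access to specific resources.
rg_scope() { printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"; }

# Custom role definition: read-only actions on the three resource providers
# the page names. $1 = assignable scope. The */read wildcard is an assumption.
avs_role_json() {
  cat <<EOF
{
  "Name": "$ROLE_NAME",
  "Description": "Read-only access to AVS-related resource providers",
  "Actions": [
    "Microsoft.AVS/*/read",
    "Microsoft.VMware/*/read",
    "microsoft.connectedvmwarevsphere/*/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["$1"]
}
EOF
}

# $1 = subscription ID, $2 = resource group, $3 = application display name.
provision() (
  scope="$(rg_scope "$1" "$2")"
  app_id="$(az ad app create --display-name "$3" --query appId -o tsv)"
  az ad sp create --id "$app_id" >/dev/null
  az role definition create --role-definition "$(avs_role_json "$scope")" >/dev/null
  # Directory replication can lag; retry the assignments if the principal
  # or the new role is not found yet.
  az role assignment create --assignee "$app_id" --role "Reader" --scope "$scope" >/dev/null
  az role assignment create --assignee "$app_id" --role "$ROLE_NAME" --scope "$scope" >/dev/null
  # Prints appId (client ID), password (client secret) and tenant once.
  # Put the secret straight into a secrets manager, not a file or ticket.
  az ad app credential reset --id "$app_id" --append --years 1 -o json
)

# Usage: ./avs-app.sh <subscription-id> <resource-group> <app-display-name>
if [ "$#" -eq 3 ]; then provision "$@"; fi
```

The one-year secret lifetime is a choice made for this example; set it to match your rotation policy and update the cloud account when the secret is rotated.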