The top-level administrator in your Azure Enterprise account can create accounts at lower levels of your organization. Each of these accounts can have one or more subscriptions inside it. In order for the resources in each account (and the resources of its subscriptions) to be correctly inventoried in VMware Cloud services, each account must follow the procedure in this section.
About this task
To properly ensure that the resources of each subscription inside your account are inventoried correctly in VMware Cloud services, you must do the following.
When an account is set up in Azure Enterprise, an account owner is assigned to it. The account owner becomes the administrator for that account. Like an individual account in Azure, an account set up inside Azure Enterprise gets a set of credentials that identify the account:
Subscription ID - Grants access to your Azure subscriptions.
Tenant ID - The authorization endpoint for the application you create in your account.
The administrator for an account can create subscriptions inside it. Each subscription acts like an individual account inside the account. But, each subscription does not get its own credentials. It uses the same credentials as the account where it is set up.
- The administrator of the account that contains the subscriptions must set permissions on the subscriptions so their resource data can be collected.
- The best way to collect the data from the subscriptions is to write an application that collects this data. This is no different than writing an application inside an individual Azure account.
- Azure assigns the following identifiers to the application you write for your subscriptions:
Client Application ID - Identifies the application to Microsoft Active Directory.
Client Application Secret Key - The unique secret key generated to pair with your Client Application ID.
- Enter the four identifiers for your account and application into the Add New Account form of the Discovery service. For information on how to collect the identifiers, see Collect Your Azure Enterprise Account Details. For information on how to enter the identifiers into the Add New Account form, see Fill In the Azure Enterprise Add New Account Form.
- Do steps 1-4 for every new account you create in your Azure Enterprise account. If you do not register each new account and its subscriptions with VMware Cloud services, the resources for the account are not listed in the Discovery service.