You can add Microsoft Azure Subscription as a data source in vRealize Network Insight Cloud.

You must have the following permission:
  • Microsoft.Resources/subscriptions/read
  • Microsoft.Compute/virtualMachines/read
  • Microsoft.Network/virtualNetworks/read

  • Microsoft.Network/networkSecurityGroups/read

  • Microsoft.Network/networkInterfaces/read

  • Microsoft.Network/applicationSecurityGroups/read

  • Microsoft.Storage/storageAccounts/read

  • Microsoft.Storage/storageAccounts/listkeys/action

  • Microsoft.Network/networkWatchers/queryFlowLogStatus/*

  • Microsoft.Network/networkWatchers/read

Alternatively, for ease of use, you can add the Storage Account Key Operator Service Role, Network Contributor, and Reader permission.


  1. On the Settings page, click Accounts and Data Sources.
  2. Click Add Source.
  3. Under the Public Clouds group, click Microsoft Azure.
  4. In the Add a New Azure Subscription page, provide the required information.
    Option Action
    Collector VM Select a collector VM from the drop-down menu.
    Tenant ID Enter the tenant ID of Azure active directory (AD).
    Application ID Enter the application ID.
    Application Secret Key Enter the application secret key.
    Subscription ID Enter the subscriptions ID.
    Web Proxy (Optional) Select a web proxy from the drop-down menu.
    Note: The Web Proxy (Optional) is visible only if you have configured a web proxy in vRealize Network Insight Cloud.
  5. Click Validate.
    You must have at least one VM, network security group (NSG), NIC, and VNet for a successful validation.
  6. (Optional) If you want to collect the NSG flow logs to get details insight on flows, then select Enable NSG flow data collection check box.
  7. In the Nickname text box, enter a nickname.
  8. (Optional) In the Notes text box, you can add a note if necessary.
  9. Click Submit.