# Connecting to an Azure MCA Account

## Basic Configuration Process for the Pier Cloud FinOps Platform

**Welcome to Pier Cloud!**

\
This document aims to serve as a guide to help you prepare the environment so that Pier Cloud can install the Platform modules in your account.

This process will allow Pier Cloud to have read-only access to billing information, with no possibility of modifying or deleting any data in your account. It will also provide read and edit access to items related to optimization (CCA).

The configurations described in this documentation are intended to enable the following modules: Lighthouse and CCA.

### Lighthouse and Cloud Compliance Analyzer (CCA)

Permissions and Service Principal Creation

#### **In the Azure environment:**

1. Log in to your account through the [Azure Portal](https://azure.microsoft.com/pt-br/get-started/azure-portal) and access the Microsoft Entra ID menu. This Service Principal can be used for Lighthouse, CCA, Reservations, and Savings Plans.

2. In the Microsoft Entra ID section, select App registrations from the side menu.

3. Click the + Add button and then select App registration.

4. Enter the desired application name. In Supported account types, choose Accounts in any organizational directory (Multitenant), and complete the process by clicking Register.<br>

5. After creating the application, generate a client secret.

6. Click **+ New client secret**, In the side form, click **Add**.

7. Copy the **generated secret value** and its **expiration date**, and save them in a secure location.

8. Click **Overview** and copy the following values **Application (client) ID, Directory (tenant) ID** and save them together with the previously collected information.

9. To finalize the process, it will be necessary to assign the Reader role at the Tenant level to the created Service Principal. In the search bar, look for **Management Groups**, then click on the **Tenant** to which the permission will be granted.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FQ9iPWfuBTcEJn0T9oH7k%2Fimage.png?alt=media&#x26;token=4d21fe24-bf9c-47ef-8261-7763add7eb3b" alt=""><figcaption></figcaption></figure>

10. Now, click on **Access control (IAM)**, then click on **+ Add** and select **Add role assignment**.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FrYkyu59ewWDOlUoCdher%2Fimage.png?alt=media&#x26;token=7f1589b5-a426-4984-8140-43f7c545635d" alt=""><figcaption></figcaption></figure>

11. Search for **Reader** and click **Next**.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FFdxN7xywtLCIVXZF0bHH%2Fimage.png?alt=media&#x26;token=9e4cbcdd-14d0-46a4-a43a-a4c80e031f7a" alt=""><figcaption></figcaption></figure>

12. On the next page, click **Select members**, search for the **Service Principal** in the left-side panel, **select** it, and click **Select**.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FBddUkx92D73sUp4flKhD%2Fimage.png?alt=media&#x26;token=9896cc2d-7a1d-4dc6-8c95-a2bcbab33ed9" alt=""><figcaption></figcaption></figure>

13. To finish, click **Review + assign**.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FSDbDe8kr02Pe0QXZMFsP%2Fimage.png?alt=media&#x26;token=a3803872-03ad-49e8-b5c6-ab513c6779cf" alt=""><figcaption></figcaption></figure>

#### In the Pier Cloud Platform: <a href="#in-the-pier-cloud-platform" id="in-the-pier-cloud-platform"></a>

#### **Secret Creation**

1. By clicking on the user profile icon and selecting the “**Settings**” option, as illustrated below:

<figure><img src="https://docs.piercloud.com.br/plataforma-de-finops/~gitbook/image?url=https%3A%2F%2F1687673077-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FZ9sinLUl52lDK1vg6b8g%252Fuploads%252FTYrbWXAJD85VvDLj8ik1%252Fimage.png%3Falt%3Dmedia%26token%3D030cd85f-4113-4fee-ab9d-517b62b70353&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=e844cae2&#x26;sv=2" alt=""><figcaption></figcaption></figure>

2. The system will display a side menu with several configuration options. Click on the “**Secrets**” feature and then on “**Add**”, as illustrated below.

<figure><img src="https://docs.piercloud.com.br/plataforma-de-finops/~gitbook/image?url=https%3A%2F%2F1687673077-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FZ9sinLUl52lDK1vg6b8g%252Fuploads%252FWs9qSZARy9zv7LufP3D2%252Fimage.png%3Falt%3Dmedia%26token%3D06ce839a-fa6d-43bb-bd8d-e77679634f4a&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=7b748569&#x26;sv=2" alt=""><figcaption></figcaption></figure>

2. The system will display the secret registration screen, where you will need to fill in the following information:

* **Name**: Provide a name that identifies the secret being created.
* **Type**: Select Azure Billing.
* **Enrollment** **ID**: Enter the **Billing Account ID** information collected in step 3.1 in the Azure environment.
* **API** **Key**: This information will be a combination of the environment + secret + App ID.
* **App** **ID**: Enter the **Application (client) ID** information copied in step 8 from the Azure environment.
* **Tenant ID**: Enter the **Directory (tenant) ID** information copied in step 8 from the Azure environment.
* **Secret**: Enter the **Secret Value** information copied in step 7 from the Azure environment.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FvQve5r6WdXIfzGGpoGpk%2Fimage.png?alt=media&#x26;token=f0d6fd47-c58c-4d20-8845-3d8edbb1f4e4" alt=""><figcaption></figcaption></figure>

3. After completing the fields, click the **Save** button and your secret will be generated.

#### **Billing Connector Creation**

1. To proceed with the configuration, click on the **Billing Connector** feature in the side menu, and then click **Add Connector**.

<figure><img src="https://docs.piercloud.com.br/plataforma-de-finops/~gitbook/image?url=https%3A%2F%2F1687673077-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FZ9sinLUl52lDK1vg6b8g%252Fuploads%252FiqxOqFpNQljfOfJvinqU%252Fimage.png%3Falt%3Dmedia%26token%3Daa2d97bd-1568-4a44-925d-2a594bed4a0e&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=67263f60&#x26;sv=2" alt=""><figcaption></figcaption></figure>

2. The system will display the Billing Connector registration screen, where you will need to fill in the following information:

* **Type**: Select **Standard**.
* **Cloud Provider**: Select **Azure (Microsoft Azure)**.
* **Billing Connector Identification**: Provide a name that identifies the billing connector.
* **Select the secret for this billing connector**: Select the secret created in step 2 related to **Secret creation**.
* **Billing Type**: Select **MCA**.
* **Region**: Select the “**Standard**” option.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FEDntgRRlrgAIAswsx0si%2Fimage.png?alt=media&#x26;token=7fef455c-ec54-475c-9b8b-8fd9735eb784" alt=""><figcaption></figcaption></figure>

3. Finally, click **Save** and your Azure MCA billing connector will be successfully configured.