[CLI] Azure Billing Account Onboarding for Target
The Target Company is required to implement the following steps within the Azure Cloud Shell. Please sign in to the Azure console using the Admin account where billing has been set up, and then initiate the Cloud Shell from the navigation bar.
To create the Azure Active Directory (AAD) app, it is recommended to have the Owner role. Alternatively, you can have both the Contributor and User Access Administrator roles.
Step-1: Create AD Application
Execute the following command to create AD App
az ad sp create-for-rbac --display-name "<APP_NAME>" --years=2 -o table
<APP_NAME>: AD app name of your choice
After executing the command, capture the App ID, Password (secret) and Tenant to share with the partner.
To assign permissions to the Azure Active Directory (AAD) app, it is recommended to have the Owner role. Alternatively, you can have both the Contributor and User Access Administrator roles.
Step-2: Assign permission to the app
If you are onboarding billing scope as billing, follow the steps below to assign permission to the app.
a. Login to Azure console > Click on Menu > Cost Management + Billing > Access Control (IAM)
b. Click Add > Select the Billing account reader > Enter the app created in Step-1 above.
For detailed steps, follow this link: Step-2: Assign permissions to the app
If you are onboarding subscription scope as billing, execute the following command to assign permission to the app.
az role assignment create --assignee "<APP_ID>" --role "Cost Management Reader" --scope /subscriptions/<SUBSCRIPTION_ID>
<APP_ID>: AD app ID captured in Step-1
<SUBSCRIPTION_ID>: ID of the subscription you wish to onboard
Step-3: Capture the below details from the above steps and share them with your partner.
Account ID: follow the Retrieve Account ID link to get it (required if you are onboarding Billing scope)
Application (Client) ID
Active Directory (Tenant) ID
Application (Client) Secret
Subscription Id
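For the subscription-scope path in Step-2, the app's role assignments can be checked before the secret is shared, to confirm the app holds only Cost Management Reader on the onboarded subscription. The script below is an added example, not part of the original guide; the function names and the APP_ID and SUBSCRIPTION_ID environment variables are this example's own assumptions, and it does not cover the Billing account reader role assigned in Cost Management + Billing.

```shell
#!/usr/bin/env bash
# Added example: names below are this example's own, not part of the onboarding guide.

# True only for a canonical GUID, the form of <APP_ID> and <SUBSCRIPTION_ID>.
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Reads "role<TAB>scope" lines on stdin, prints every assignment other than
# "Cost Management Reader" at /subscriptions/<sub_id>, and returns 0 only when
# that expected assignment is present and nothing else is.
check_assignments() {
  expected_scope="/subscriptions/$1"
  found=0
  bad=0
  tab=$(printf '\t')
  while IFS=$tab read -r role scope || [ -n "$role" ]; do
    if [ -z "$role" ]; then
      continue
    elif [ "$role" = "Cost Management Reader" ] && [ "$scope" = "$expected_scope" ]; then
      found=1
    else
      printf 'UNEXPECTED: %s at %s\n' "$role" "$scope"
      bad=1
    fi
  done
  [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Lists the app's role assignments in the subscription and checks them.
audit_app() {
  is_guid "$1" || { echo "APP_ID is not a GUID" >&2; return 2; }
  is_guid "$2" || { echo "SUBSCRIPTION_ID is not a GUID" >&2; return 2; }
  az role assignment list --assignee "$1" --all --subscription "$2" \
    --query "[].[roleDefinitionName, scope]" -o tsv | check_assignments "$2"
}

# Runs only when both variables are set, e.g. in Cloud Shell after Step-2.
if [ -n "${APP_ID:-}" ] && [ -n "${SUBSCRIPTION_ID:-}" ]; then
  audit_app "$APP_ID" "$SUBSCRIPTION_ID" && echo "OK: only Cost Management Reader is assigned"
fi
```

Any line printed as UNEXPECTED is a role the partner would gain along with the shared secret; remove it before handing over the Step-3 values.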