top of page
nmsguru

Discovering your Azure Multi Tenant Estate

Updated: Oct 4

Some organizations are handling multiple Azure tenants due to various reasons. These could be due mergers and acquisitions, separation of business activities, MSP / CSP scenarios etc.

Our Azure sensor pack is capable of discovering and monitoring multiple Azure tenants and this blog explains the technical details of its operation.


The first step to discover multiple tenants, would be either using our UI or CLI to add the connection profile of each tenant you plan to monitor:

You need to specify the full connection details of each Azure tenant and press Apply to save them. Pressing Config Check will validate the connection to Azure and the ability to obtain

information about the tenant.


The configuration check will run in the context of the chosen tenant connection profile. Below you can see how a good connectivity check looks like:

The first tenant connection profile is always saved in the AutoMonx_AzureSensor.ini file, in the Azure Sensor installation directory. This is a compatibility option aimed at those that start with a single tenant and later-on add more tenants. Any additional tenants are added to the AzureConnProfiles.ini file.


Automating the Addition of Tenants

If you have a large number of Azure tenants, you may want to use our extensive CLI to add the connection profiles via a script.

# Create a connection profile

AutoMonX_AzureCollector.exe -create_conn_profile -tenant_label "Display Label" -azure_appid <AppID> -azure_secretkey <Secret Key>


The command above will update the relevant files (AzureSensor.ini or AzureConnProfiles.ini). Below is an example of AzureConnProfiles.ini file. Each tenant is given an internal number (see below in bold):


[PROFILES]

1_AZURE_LABEL=MicrosoftPartner1

1_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde

1_AZURE_PASS=818181822-33333-94q0-g4j5-386e5f3abcde

1_AZURE_TENANT=818181822-3333-94q0-g4j5-386e5f3abcde


2_AZURE_LABEL=AcmeCorp

2_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde

2_AZURE_PASS=818181822-333333-94q0-g4j5-386e5f3abcde

2_AZURE_TENANT=818181822-333333-94q0-g4j5-386e5f3abcde

Azure Discovery Optimization

If you use -All parameter in your discovery CLI options, it will go ahead and discover all the subscriptions of a specific tenant with all their resources and metrics. Using only this option may take several hours to complete, depending on the size of your Azure estate. However, our discovery CLI offers the following optimization options:


-sub Discover only a specific subscription. If you have many multiple subscriptions this could be a significant time saver

-resources Discover only the Azure resources. This option allows much quicker discovery (50% less discovery time) and helps to identify more quickly which new resources were added.

-whitelist You can combine this option with -resources to narrow down your discovery only for specific subscriptions and resource types. It instructs the discovery process to consult two configuration files: include_mon.csv and exclude_mon.csv.

See our Azure Sensor Auto Discovery blog for more details.


-metrics Discover the performance metrics of the Azure resources discovered during the partial discovery with the -resources option.


The -tenant option functionality:

Use this CLI option with the ID number of the tenant as it appears in the AzureConnProfiles.ini file. Below is an example - the tenant numbers are in bold:


[PROFILES]

1_AZURE_LABEL=MicrosoftPartner1

1_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde

1_AZURE_PASS=818181822-33333-94q0-g4j5-386e5f3abcde

1_AZURE_TENANT=818181822-3333-94q0-g4j5-386e5f3abcde


2_AZURE_LABEL=AcmeCorp

2_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde

2_AZURE_PASS=818181822-333333-94q0-g4j5-386e5f3abcde

2_AZURE_TENANT=818181822-333333-94q0-g4j5-386e5f3abcde


3_AZURE_LABEL=TwitterCorp

3_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde

3_AZURE_PASS=818181822-333333-94q0-g4j5-386e5f3abcde

3_AZURE_TENANT=818181822-333333-94q0-g4j5-386e5f3abcde


Running a connectivity check against newly added Tenants

The first tenant details are added to the AzureSensor.ini file. No need to specify its number as it is the default tenant:

Automonx_AzureCollector.exe -config_check


Connectivity check of the 1st tenant in the Connections profiles file:

Automonx_AzureCollector.exe -config_check -tenant 1


Running Azure Auto-Discovery via CLI

Fully discovering (resources and metrics) for the 2nd tenant and its subscriptions:

Automonx_AzureCollector.exe -discovery -sub -All -outmode -tenant 2


Discovering the 2nd tenant using the optimized discovery options (specific subscription, resources only, whitelists, excluided lists)

Automonx_AzureCollector.exe -discovery -sub <subscription name> -resources -whitelist -outmode -tenant 2


Fully Discover the 2nd tenant in Connections profile file using the optimized discovery options (resources and metrics, whitelists, excluded lists)

Automonx_AzureCollector.exe -discovery -sub -All -resources -whitelist -outmode -tenant 2

Automonx_AzureCollector.exe -discovery -sub -All -metrics -whitelist -outmode -tenant 2


Note: If you have migrated from a single tenant to multi-tenant, you don't need to specify the tenant ID when running discovery for the original tenant that appears

in the Automonx_AzureSensor.ini file.


Adding the discovered Azure resources and their metrics to PRTG

The command below reads the files produced by the Auto discovery and pushes them to PRTG (via our monitoring automation) in a structure we automatically create as seen below.


Important: make sure to fully discover the Azure resources you plan to push to PRTG as explained above (resources and metrics) before adding them to PRTG.


AutoMonX_PRTG_Automation.exe -file <csv_file> -p <passhash> [-group <PRTG target_group>]


In case of adding several Azure tenants to PRTG, each tenant would be created under the root directory (i.e. AutoMonX_Azure) and the structure of subscriptions and resource types would be created beneath it.


The results of the Azure discovery files are located in the following folder:

<Drive>:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\AutoMonX\Azure\Data


Files that belong to specific Azure tenants are starting with their tenantID (0, 2, 3 etc) as they appear in the AzureConnProfiles.ini










73 views0 comments

Comments


bottom of page