Some organizations are handling multiple Azure tenants due to various reasons. These could be due mergers and acquisitions, separation of business activities, MSP / CSP scenarios etc.
Our Azure sensor pack is capable of discovering and monitoring multiple Azure tenants and this blog explains the technical details of its operation.
The first step to discover multiple tenants, would be either using our UI or CLI to add the connection profile of each tenant you plan to monitor:
You need to specify the full connection details of each Azure tenant and press Apply to save them. Pressing Config Check will validate the connection to Azure and the ability to obtain
information about the tenant.
The configuration check will run in the context of the chosen tenant connection profile. Below you can see how a good connectivity check looks like:
The first tenant connection profile is always saved in the AutoMonx_AzureSensor.ini file, in the Azure Sensor installation directory. This is a compatibility option aimed at those that start with a single tenant and later-on add more tenants. Any additional tenants are added to the AzureConnProfiles.ini file.
Automating the Addition of Tenants
If you have a large number of Azure tenants, you may want to use our extensive CLI to add the connection profiles via a script.
# Create a connection profile
AutoMonX_AzureCollector.exe -create_conn_profile -tenant_label "Display Label" -azure_appid <AppID> -azure_secretkey <Secret Key>
The command above will update the relevant files (AzureSensor.ini or AzureConnProfiles.ini). Below is an example of AzureConnProfiles.ini file. Each tenant is given an internal number (see below in bold):
[PROFILES]
1_AZURE_LABEL=MicrosoftPartner1
1_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde
1_AZURE_PASS=818181822-33333-94q0-g4j5-386e5f3abcde
1_AZURE_TENANT=818181822-3333-94q0-g4j5-386e5f3abcde
2_AZURE_LABEL=AcmeCorp
2_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde
2_AZURE_PASS=818181822-333333-94q0-g4j5-386e5f3abcde
2_AZURE_TENANT=818181822-333333-94q0-g4j5-386e5f3abcde
Azure Discovery Optimization
If you use -All parameter in your discovery CLI options, it will go ahead and discover all the subscriptions of a specific tenant with all their resources and metrics. Using only this option may take several hours to complete, depending on the size of your Azure estate. However, our discovery CLI offers the following optimization options:
-sub Discover only a specific subscription. If you have many multiple subscriptions this could be a significant time saver
-resources Discover only the Azure resources. This option allows much quicker discovery (50% less discovery time) and helps to identify more quickly which new resources were added.
-whitelist You can combine this option with -resources to narrow down your discovery only for specific subscriptions and resource types. It instructs the discovery process to consult two configuration files: include_mon.csv and exclude_mon.csv.
See our Azure Sensor Auto Discovery blog for more details.
-metrics Discover the performance metrics of the Azure resources discovered during the partial discovery with the -resources option.
The -tenant option functionality:
Use this CLI option with the ID number of the tenant as it appears in the AzureConnProfiles.ini file. Below is an example - the tenant numbers are in bold:
[PROFILES]
1_AZURE_LABEL=MicrosoftPartner1
1_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde
1_AZURE_PASS=818181822-33333-94q0-g4j5-386e5f3abcde
1_AZURE_TENANT=818181822-3333-94q0-g4j5-386e5f3abcde
2_AZURE_LABEL=AcmeCorp
2_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde
2_AZURE_PASS=818181822-333333-94q0-g4j5-386e5f3abcde
2_AZURE_TENANT=818181822-333333-94q0-g4j5-386e5f3abcde
3_AZURE_LABEL=TwitterCorp
3_AZURE_AD_ID=818181822-333333-94q0-g4j5-386e5f3abcde
3_AZURE_PASS=818181822-333333-94q0-g4j5-386e5f3abcde
3_AZURE_TENANT=818181822-333333-94q0-g4j5-386e5f3abcde
Running a connectivity check against newly added Tenants
The first tenant details are added to the AzureSensor.ini file. No need to specify its number as it is the default tenant:
Automonx_AzureCollector.exe -config_check
Connectivity check of the 1st tenant in the Connections profiles file:
Automonx_AzureCollector.exe -config_check -tenant 1
Running Azure Auto-Discovery via CLI
Fully discovering (resources and metrics) for the 2nd tenant and its subscriptions:
Automonx_AzureCollector.exe -discovery -sub -All -outmode -tenant 2
Discovering the 2nd tenant using the optimized discovery options (specific subscription, resources only, whitelists, excluided lists)
Automonx_AzureCollector.exe -discovery -sub <subscription name> -resources -whitelist -outmode -tenant 2
Fully Discover the 2nd tenant in Connections profile file using the optimized discovery options (resources and metrics, whitelists, excluded lists)
Automonx_AzureCollector.exe -discovery -sub -All -resources -whitelist -outmode -tenant 2
Automonx_AzureCollector.exe -discovery -sub -All -metrics -whitelist -outmode -tenant 2
Note: If you have migrated from a single tenant to multi-tenant, you don't need to specify the tenant ID when running discovery for the original tenant that appears
in the Automonx_AzureSensor.ini file.
Adding the discovered Azure resources and their metrics to PRTG
The command below reads the files produced by the Auto discovery and pushes them to PRTG (via our monitoring automation) in a structure we automatically create as seen below.
Important: make sure to fully discover the Azure resources you plan to push to PRTG as explained above (resources and metrics) before adding them to PRTG.
AutoMonX_PRTG_Automation.exe -file <csv_file> -p <passhash> [-group <PRTG target_group>]
In case of adding several Azure tenants to PRTG, each tenant would be created under the root directory (i.e. AutoMonX_Azure) and the structure of subscriptions and resource types would be created beneath it.
The results of the Azure discovery files are located in the following folder:
<Drive>:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\AutoMonX\Azure\Data
Files that belong to specific Azure tenants are starting with their tenantID (0, 2, 3 etc) as they appear in the AzureConnProfiles.ini
Comments