Skip to content

[DOCS-11197] Add permissions section #29974

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[DOCS-11197] Add permissions section #29974

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 31 additions & 1 deletion content/en/integrations/guide/azure-manual-setup.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
---
title: Azure Integration Manual Setup Guide

description: "Steps for manually setting up the Datadog Azure integration"
further_reading:
- link: "https://docs.datadoghq.com/agent/faq/why-should-i-install-the-agent-on-my-cloud-instances/"
Expand Down Expand Up @@ -33,6 +32,33 @@ Use this guide to manually set up the [Datadog Azure integration][1] through an

## Setup

{{% collapse-content title="Permissions required for integration setup" level="h4" expanded=false id="required-permissions" %}}

#### In Azure

Your Microsoft Entra ID user needs the following permissions:

##### Permission to create an app registration

**One** of the following must be true for the user:

- `Users can register applications` has been set to `Yes`
- The user has the [Application Developer][17] role

##### Permission to assign `Monitoring Reader` permissions

The `Microsoft.Authorization/roleAssignments/write` permission is required, scoped to any subscriptions or management groups to monitor. This permission is part of the [Role Based Access Control Administrator role][14].

##### Permission to add and grant consent for Graph API permissions

The [Privileged Role Administrator role][15] contains the required permissions.

#### In Datadog

A Datadog [Application key][16] with at least the `azure_configurations_manage` permission.

{{% /collapse-content %}}

### Integrating through the Azure CLI

To integrate Datadog with Azure using the Azure CLI, Datadog recommends using the [Azure Cloud Shell][7].
Expand Down Expand Up @@ -323,3 +349,7 @@ See the [Azure Logging guide][5] to set up log forwarding from your Azure enviro
[9]: /monitors/notify/#configure-notifications-and-automations
[12]: https://learn.microsoft.com/azure/partner-solutions/datadog/overview
[13]: /integrations/guide/azure-native-manual-setup/
[14]: https://learn.microsoft.com/azure/role-based-access-control/built-in-roles/privileged#role-based-access-control-administrator
[15]: https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#privileged-role-administrator
[16]: /account_management/api-app-keys/#application-keys
[17]: https://learn.microsoft.com/entra/identity/role-based-access-control/permissions-reference#application-developer
Loading