How to access other tenants and subscriptions in Azure?

Holger Lehmann 1 Reputation point
2020-11-24T12:00:03.697+00:00

we are trying to write some application to retrieve metrics from Azure Monitor Service for collecting data and shipping them to Prometheus.

One tenant with many subsriptions is ok. We are using an app registration and a corresponding enterprise application (aka service principal).

With the identifiers of the app registration (usbscription_id, tenant_id, client_id and client_secret) a java app is registering in Azure and collecting this data.

But let's imagine that we could access our customers tenants and subscription in this way. How could this be done in detail ?

We only want to use "our" subscription once and not the access data of the customer. There must be another way to proceed. Maybe some export of the service principal or something.

Regards Holger

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,798 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,455 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sam Cogan 10,157 Reputation points MVP
    2020-11-24T14:13:16.427+00:00

    You would need to create a service principal, or have the client create it, in the clients tenant. This SP would then be granted access to the required resources and your app would use that.

    You may also want to look at Azure Lighthouse which may assist with access client subscriptions.

    2 people found this answer helpful.
    0 comments