Azure AD: Monitor Users and Sync Interval

Discussions and feedback on the Azure AD plug-in that is part of the Feature Pack 1

Tried to install it but ran into a snag, it needs 1.6.0.p9 but that is not released yet.

Cannot install package: The package requires Check_MK version 1.6.0p9, but you have 1.6.0p8 installed.

Does it have dependencies on 1.6.0p9 or can it be re-packaged for 1.6.8p8?

Sorry for the trouble. The package on the exchange has been changed to be installable on 1.6.0p8.

1 Like

I was able to install it.

This should work as long as we have the Microsoft Azure WATO (datasource) rule configured? What extra permissions are required in the cloud for this?

You need to set up an Application ID with the “reader” role assigned. We have documented what is to be done here: https://checkmk.de/cms_monitoring_azure.html (chapter 2)
Unfortunately the Azure Portal UI changes from time to time, so let us know if we need to update our guide!

1 Like

Is anyone using this already?

We had a working Azure monitoring (a few VMs). So the app in azure AD with their roles is already configured. Now I want to monitor Azure AD Sync Status for our Office 365 Business Essentials users.
I updated cmk raw to 1.6.0p9 and installed the Azure AD: Monitor Users and Sync mkp.
Now the Azure Agent Info service tells me “Graph client: Insufficient privileges to complete the operation.”

<<<azure_agent_info:sep(124)>>>
agent-bailout|[2, “Graph client: Insufficient privileges to complete the operation.”]

We have two Azure subscriptions. For the " Access to Azure Active Directory" Subscription I am not able to add roles, “The current subscription does not allow you to perform any actions on Azure resources. Use a different subscription.”. But I am the owner if this subscription.

I have the same issue “Graph client: Insufficient privileges to complete the operation”

Hi planet4,
Can you confirm that this is related to “Office 365” users in some way? I am not sure what is going on here, but I think it may be related to the fact that the Azure AD is located at the “Tenant” level, not Subscription level.

I have the same issue “Graph client: Insufficient privileges to complete the operation”

Hi,

as a Global Administrator in Azure Active Directory, you might not have access to all subscriptions and management groups in your directory.You need to elevate your access, as explained in the following article.