I'm trying to configure Azure monitoring as per this guide:
However, at 2.2 it does not look like the guide describes it.
There is no IAM. Has this been replaced by PIM?
And to use PIM it says you need to have an Azure AD P2 license.
Is this a requirement for Checkmk Azure monitoring?
I’m running into the same issue. It would be great if this could get answered.
So I decided to see if I can replicate the permissions another way. I got this working but the permissions I assigned are likely overly broad, but it at least works!
Everything from here: Monitoring Microsoft Azure (checkmk.com) is the same, except for step 2.2.
Replace step 2.2 with the following:
From AAD portal click on your app registration that you’ve created. Go to “API permissions”.
Click “add a permission”
Click “Microsoft Graph”
Click “Application permissions”
Add the following permissions:
Group.Read.All
User.Read.All
ServicePrincipalEndpoint.Read.All
Once added, click on “grant admin consent” (next to add a permission)
When creating the agent rule (step 3.2) you won’t use a subscription ID.
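Added example, not part of the posts in this thread: a check that the app registration ended up with exactly the three Microsoft Graph application permissions listed above, and nothing broader. It assumes you have exported the Microsoft Graph service principal (with its `appRoles`) and your app's `appRoleAssignments` as JSON; the sample data and GUIDs below are constructed placeholders.

```python
import json

# Application permissions named in the post above.
EXPECTED = {"Group.Read.All", "User.Read.All", "ServicePrincipalEndpoint.Read.All"}

# Constructed sample shaped like the Microsoft Graph service principal object.
# The ids are placeholders, not real role ids.
GRAPH_SP = json.loads("""
{"id": "graph-sp-object-id", "appRoles": [
  {"id": "00000000-0000-0000-0000-000000000001", "value": "Group.Read.All"},
  {"id": "00000000-0000-0000-0000-000000000002", "value": "User.Read.All"},
  {"id": "00000000-0000-0000-0000-000000000003", "value": "ServicePrincipalEndpoint.Read.All"},
  {"id": "00000000-0000-0000-0000-000000000004", "value": "Directory.ReadWrite.All"}
]}
""")

# Constructed sample shaped like the app's appRoleAssignments collection.
# Application permissions only show up here once admin consent was granted.
ASSIGNMENTS = json.loads("""
{"value": [
  {"resourceId": "graph-sp-object-id", "appRoleId": "00000000-0000-0000-0000-000000000001"},
  {"resourceId": "graph-sp-object-id", "appRoleId": "00000000-0000-0000-0000-000000000002"},
  {"resourceId": "graph-sp-object-id", "appRoleId": "00000000-0000-0000-0000-000000000004"},
  {"resourceId": "other-api-object-id", "appRoleId": "00000000-0000-0000-0000-000000000099"}
]}
""")


def audit(graph_sp, assignments, expected=EXPECTED):
    """Compare consented Graph app roles against the expected set."""
    names = {role["id"]: role["value"] for role in graph_sp["appRoles"]}
    granted = set()
    for item in assignments["value"]:
        if item["resourceId"] != graph_sp["id"]:
            continue  # role on a different API, not covered by this check
        # Keep unknown ids visible instead of silently dropping them.
        granted.add(names.get(item["appRoleId"], "unknown:" + item["appRoleId"]))
    return {
        "missing": sorted(expected - granted),  # not added, or consent not granted
        "extra": sorted(granted - expected),    # broader than the post's list
    }


if __name__ == "__main__":
    print(json.dumps(audit(GRAPH_SP, ASSIGNMENTS), indent=2))
```

A non-empty `missing` list usually means the "grant admin consent" step was skipped for that permission; anything under `extra` is access the monitoring setup described here does not call for.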
Cool, I will try that. My workaround was to use a PowerShell script as a local check.
This KB link seems to have become broken in the meantime.
Fixed the link above, thanks for the hint!