Does Azure Monitoring require Azure AD P2?

I'm trying to configure Azure monitoring as per this guide:

However, at 2.2 it does not look like what the guide describes.
There is no IAM. Has this been replaced by PIM?
And to use PIM it says you need to have an Azure AD P2 license.

Is this a requirement for Checkmk Azure monitoring?

I’m running into the same issue. It would be great if this could get answered.

So I decided to see if I can replicate the permissions another way. I got this working but the permissions I assigned are likely overly broad, but it at least works!

Everything from here: Monitoring Microsoft Azure (checkmk.com) is the same, except for step 2.2.

Replace step 2.2 with the following:

From the AAD portal, click on the app registration that you’ve created. Go to “API permissions”.
Click “Add a permission”
Click “Microsoft Graph”
Click “Application permissions”

Add the following permissions:
Group.Read.All
User.Read.All
ServicePrincipalEndpoint.Read.All

Once added, click on “grant admin consent” (next to add a permission)

When creating the agent rule (step 3.2) you won’t use a subscription ID.

1 Like

Cool, I will try that. My workaround was to use a PowerShell script as a local check.

We wrote this down here: Monitoring Microsoft Azure - Graph client: Insufficient privileges to complete the operation - Checkmk Knowledge Base
Can you confirm that these steps work for you?