Overview
To start a Live Optics Azure collection, you need to enter four credentials: a Client ID, a Client Secret, a Subscription ID and a Tenant ID. Live Optics recommends that you create a temporary Service Principal account with read-only permission that is used solely for the Live Optics collection. This document explains how to create the account and obtain credentials with the correct privileges to run a Live Optics collection.
Steps
1. From the Azure Portal, click the PowerShell icon.
2. Type the command below in PowerShell to list your Subscription IDs.
PS /home/username> az account list
3. From that list, choose the Subscription ID you want to run the Live Optics collection on. (You will need this Subscription ID for collector authentication.)
4. Set the subscription you want to create the Service Principal for, using the command below.
PS /home/username> az account set --subscription <subscription ID>
5. Run the command below to confirm that you are on the correct subscription and to get both the Tenant ID and the Subscription ID needed for collector authentication.
PS /home/username> az account show
6. To create the Service Principal with Reader permissions on the subscription, run the command below. Then note the Client ID and Client Secret from the command output; you will need both for collector authentication.
PS /home/username> az ad sp create-for-rbac --name http://<Service Principal Name> --role reader
Note: You can choose any name for the Service Principal; just make sure it starts with http://
Reader Role
For more information on the Reader role, see the Azure documentation: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader
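To confirm that the Service Principal from step 6 holds only the Reader role on the chosen subscription, the JSON output of `az role assignment list --assignee <Client ID> --all -o json` can be checked with a short script. This is an added example, not Live Optics code; the function name `audit_assignments`, the sample JSON and the IDs in it are constructed for illustration.

```python
import json

# Constructed sample of `az role assignment list --assignee <Client ID> --all -o json`
# output; the subscription IDs and resource group are placeholders, not real values.
SUB = "00000000-0000-0000-0000-000000000001"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-example"},
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
])


def audit_assignments(az_json, subscription_id):
    """Return a list of findings; an empty list means Reader-only on this subscription."""
    expected = f"/subscriptions/{subscription_id}".lower()
    assignments = json.loads(az_json)
    if not assignments:
        return ["no role assignments found for this principal"]
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").rstrip("/").lower()
        if role != "Reader":
            findings.append(f"role {role!r} at {scope} is not the Reader role")
        # Accept an exact match or a child scope; the "/" guard avoids prefix
        # confusion between two subscription IDs that share leading characters.
        if scope != expected and not scope.startswith(expected + "/"):
            findings.append(f"scope {scope} is outside the chosen subscription")
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE, SUB) or ["OK: Reader only"]:
        print(finding)
```

An empty result means the account matches the read-only, single-subscription setup described above; any finding is a reason to remove the extra assignment before handing the credentials to the collector.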