About the Altitude 365 Cloud and Adoption Reports
The Altitude 365 cloud cost and adoption reports uses customer license- and usage data to provide analysis and valuable insights for our cloud customers. The customer data is fetched from the customer tenant via Microsoft Graph, is then stored in Azure SQL and consumed in Power BI. The data is encrypted during transfer and in rest.
This article explains the steps a new customer must perform to allow Altitude 365 to fetch license and usage data. No user account is required by Altitude 365. Instead, the customer registers an application/service principal in Azure AD representing the Graph connection and grants it the required permissions. This is a modern and secure way of exchanging data.
Configure your Tenant
For the Altitude 365 report engine to be able to connect to Microsoft Graph and fetch the required data, the customer must first register an app in Azure AD and grant it the correct permissions. You can do this in the Azure Portal.
Open the Azure Portal and login as a Global Admin.
Go to Azure Active Directory and App registrations.
Create a new app and fill in the form like this.
Note the Application ID (sometimes refereed to as Client ID) as Altitude 365 needs this to connect.
Open the properties of the new app and click on Keys. Create a new key (sometimes refereed to as a Client Secret) by entering a description like GraphAPI and then click Save.
Note the key value that will show up under Value (you can only see the key this one time so make sure you save it. Altitude 365 requires this as well).
Click on Required permissions and then on Add.
Chose Microsoft Graph under API.
Chose the following Application Permissions under Select permissions (do NOT select Delegated Permissions).
- Read all users full profile
- Read all usage reports
Grant the permissions that we added by clicking Grant permissions. This must be done by an administrator so if you don’t have administrative permissions in Azure AD you have to ask an administrator to grant the permissions for you.
We are all done! Please send the following information to your contact at Altitude 365.
- Tenant name (something.onmicrosoft.com)
- Client ID (same thing as the Application ID you noted earlier)
- Client Secret (same as the Key value you noted earlier)