About the Altitude 365 Cloud and Adoption Reports
The Altitude 365 cloud cost and adoption reports uses customer license- and usage data to provide analysis and valuable insights for our cloud customers. The customer data is fetched from the customer tenant via Microsoft Graph, is then stored in Azure SQL and consumed in Power BI. The data is encrypted during transfer and in rest.
This article explains the steps a new customer must take to allow Altitude 365 to fetch license and usage data. No user account is required by Altitude 365. Instead, the customer registers an application/service principal in Azure AD representing the Graph connection and grants it the required permissions. This is a modern and secure way of exchanging data.
Configure your Tenant
For the Altitude 365 report engine to be able to connect to Microsoft Graph and fetch the required data, the customer must first register an app in Azure AD and grant it the correct permissions. You can do this in the Azure Portal.
Open the Azure Portal and login as a Global Admin.
Go to Azure Active Directory and App registrations.
Create a new app and fill in the form like this.
Note the Application (client) ID in the application properties as Altitude 365 needs this to connect.
Go to Certificates & secrets of the new application. Create a new client secret called GraphAPI, click on Never expires and then click Add.
Note the key value that will show up under Value (you can only see the secret this one time so make sure you save it. Altitude 365 requires this as well).
Click on API permissions and then on Add a permission.
Chose Microsoft Graph.
Chose the following Application Permissions (do NOT select Delegated Permissions).
Save and then grant the permissions that we added by clicking Grant admin consent. This must be done by an administrator so if you don’t have administrative permissions in Azure AD you have to ask an administrator to grant the permissions for you.
We are all done! Please send the following information to your contact at Altitude 365.
- Tenant name (something.onmicrosoft.com)
- Application (client) ID
- Client Secret