CloudZero Academy
Guides
CloudZero Status
  1. Connect Your Cost Data
  2. Cloud Providers
  3. Connecting to Azure

Cloud Solution Provider (CSP)

Connect your Azure subscription acquired through a Cloud Solution Provider (CSP) agreement to CloudZero in five steps and see your Azure costs in a unified view within 24 hours. CloudZero connects through a read-only application registered in your Azure tenant (called a service principal). CloudZero uses the Billing Reader role, which provides read-only access to usage and billing data for a single subscription. CSP connections do not include invoice data such as taxes and fees. Marketplace purchases not directly associated with the subscription cannot be collected.

For full details on what CloudZero accesses, see Azure Permissions and Security.

ℹ️

If you have multiple subscriptions obtained through a CSP agreement, create a separate CloudZero connection for each subscription. The CloudZero service principal only needs to be authorized once per tenant.

Overview

Connecting a CSP subscription takes five steps:

  1. Retrieve IDs from Azure
  2. Configure the connection in CloudZero
  3. Authorize CloudZero in your Azure tenant
  4. Grant CloudZero read access to your billing data
  5. Verify the connection

What you need

  • CloudZero user with data configuration permissions
  • In Azure, the Owner role on the subscription you plan to connect (required to assign the Billing Reader role to the CloudZero application)
ℹ️

CloudZero supports Azure cost data in USD. If your Azure costs are billed in a different currency, reach out to your account manager.

Step 1: Retrieve IDs from Azure

You need two IDs: your tenant ID and your subscription ID.

Retrieve your tenant ID

  1. In the Azure Portal, navigate to your tenant directory (Microsoft Entra ID).
  2. Copy the Tenant ID for use in Step 2.
Copy your Tenant ID in the Azure Portal

Retrieve your subscription ID

  1. Navigate to Subscriptions and select the subscription you plan to connect.
  2. In the Overview, copy the Subscription ID for use in Step 2.
Example of a Subscription ID in the Azure Portal

Step 2: Configure the connection in CloudZero

  1. In CloudZero, go to Settings > Cloud Connections.
  2. Select Create Connection +.
  3. Select the Azure tile, then choose the Billing tile.
  4. Enter a Connection Name using letters, numbers, hyphens, or underscores only.
  5. Select Cloud Solution Provider from the Azure Agreement Type drop-down menu.
  6. Paste the tenant ID you copied in Step 1 into the Tenant ID field.
  7. Paste the subscription ID you copied in Step 1 into the Billing Account ID field (for CSP connections, this field accepts the subscription ID).
  8. Select Create Connection.

Step 3: Authorize CloudZero in your Azure tenant

If you have not connected this tenant to CloudZero before, CloudZero redirects you to Azure to register the CloudZeroPlatform application (service principal) in your tenant.

If you have already granted this authorization, proceed to Step 4.

  1. In Azure, check the Consent on behalf of your organization box.
  2. Select Accept.
Azure Permission Dialog

Azure registers the application in your tenant and redirects you to CloudZero.

ℹ️

It can take an hour or more for Azure to finish registering the application.

If approving the CloudZeroPlatform application through Azure's Admin Consent Requests results in the message Consent for CloudZeroPlatform was cancelled by user, have a user with the Global Administrator role (activated through Azure Privileged Identity Management if your organization uses PIM) perform Step 2 and Step 3.

Step 4: Grant CloudZero read access to your billing data

You must have the Owner role on the subscription to assign the Billing Reader role to the CloudZero application.

  1. In the Azure Portal, navigate to Subscriptions and select the subscription you connected to CloudZero.
  2. Select Access control (IAM).
  3. Select Add > Add role assignment.
  4. On the Role tab, search for and select the Billing Reader role.
  5. Select Next.
  6. On the Members tab, select User, group, or service principal.
  7. Choose Select members.
  8. Search for and select CloudZeroPlatform. If you do not see it in the search results, the application may still be registering. Wait an hour and try again.
  9. Select Next.
  10. Select Review + assign.

Step 5: Verify the connection

  1. In CloudZero, go to Settings > Cloud Connections.
  2. Select the newly created Azure connection in the Billing Connections table.
Billing Connections table showing a healthy Azure CSP connection

What to expect

After CloudZero processes the first data ingest, the connection status changes from Pending Data to Healthy. This can take several hours. Cost data appears in the Explorer within a day.

You can connect additional Azure subscriptions at any time by repeating this process. CloudZero supports organizations with multiple tenants.

Once your billing connection is active, you can also connect resource metadata for deeper cost analysis.

ℹ️

Have questions or feedback? Reach out to your account manager.

Updated 19 days ago