CloudZero Academy
Guides
CloudZero Status
  1. Connect Your Cost Data
  2. Cloud Providers
  3. Connecting to Azure

Connecting Azure Resource Metadata

CloudZero allocates your Azure costs using billing data from your Azure connection. By connecting resource metadata, you can also see resource properties and tags alongside your cost data in the Explorer, giving you more context when analyzing Azure costs. You can click into any Azure resource to see what it is, what tags it has, and what configuration it is running.

Resource metadata collected includes:

  • Resource names, types, and locations
  • Resource group assignments
  • Tags applied to resources
  • Management group hierarchy

Overview

Connecting Azure resource metadata takes two steps:

  1. Grant CloudZero read access in Azure
  2. Create the resource connection in CloudZero

What you need

  • An active Azure billing connection with a verified tenant. If you have not yet connected an Azure billing account, see Connecting to Azure to get started.
  • CloudZero user with data configuration permissions
  • In Azure, a role that allows you to assign the Reader role at the management group or subscription where you want CloudZero to collect metadata

Step 1: Grant CloudZero read access in Azure

Grant the CloudZeroPlatform application (service principal) the Reader role at the scope where you want to collect metadata.

  1. In the Azure Portal, navigate to the management group or subscription where you want CloudZero to collect resource metadata.
  2. Select Access control (IAM).
  3. Select Add > Add role assignment.
  4. On the Role tab, search for and select the Reader role.
  5. Select Next.
  6. On the Members tab, select User, group, or service principal.
  7. Choose Select members.
  8. Search for and select CloudZeroPlatform. This is the same application created when you set up your Azure billing connection.
  9. Select Next.
  10. Select Review + assign.

For more details on assigning Azure roles, see Assign Azure roles using the Azure portal in the Azure documentation.

Step 2: Create the resource connection in CloudZero

  1. In CloudZero, go to Settings > Cloud Connections.
  2. Select Create Connection +.
  3. Select the Azure tile, then choose the Resource Metadata tile.
  4. Enter a Connection Name (for example, Production-Azure-Resources).
  5. Select your Azure Tenant from the drop-down menu.
  6. Choose your collection scope:
    • All management groups (default): Leave Use root management group enabled.
    • Specific management groups: Uncheck Use root management group and specify the management groups to include.
  7. Select Create Connection.
ℹ️

All CloudZero access to your Azure environment is read-only. The resource connection collects metadata only and does not modify any resources. For full details, see Azure Permissions and Security.

What to expect

After CloudZero processes the resource metadata, resource properties and tags become available as filtering and grouping options in the Explorer. This can take several hours after creating the connection.

ℹ️

Have questions or feedback? Reach out to your account manager.