Connect to Azure

Azure Integration Overview

Integrate Azure with Finout to generate comprehensive cost and usage reports tailored to your organization's needs. Configure Finout to create detailed reports using Azure data, either for specific subscriptions or across your entire organization. This integration allows for in-depth analysis and management of expenses, offering valuable insights into cost allocation and usage trends across your Azure infrastructure. See Azure documentation to learn more about creating and managing cost management exports.

Azure Configuration Workflow:

1. Create a Service Principal for Finout

The integration to your Azure is achieved by using an Azure service principal. There are two options: a. Create a service principle using the CLI.

b. Create a service principal using the Azure portal and set up an authentication.

a. Create a service principal using the CLI

From the CLI, type the following:

az ad sp create-for-rbac -n "finout"

You will receive an output similar to the following:

{
  "appId": "3c666g0g6-8cb8-8b33-cba6-abc7676a8989",
  "displayName": "finout",
  "password": "789************************",
  "tenant": "6666b777-ba88-44a9-a4aa-666ccb222a91"
}

Important: Save the following details to use in the Finout console (step 4):

appId → Application (client) ID
tenant → Directory (tenant) ID
password → Application password (Client Secret

b-1. Create a service principal using the Azure portal

From your Azure portal, search for and select Azure Active Directory.
Select App registrations, then click New registration.
Name the application (For example, "Finout").
Leave the default values in the rest of the parameters and click Register.
The Overview page provides two of the credentials required for the Finout console (step 4) the Application (client) ID and the Directory (tenant) ID.
Important: Save the following details to use in the Finout console (step 4):
- appId → Application (client) ID
- tenant → Directory (tenant) ID

b-2 Set up the authentication

For the Finout integration, use the password-based authentication (application secret) method by following these steps:

Select Certificates & secrets from the left-hand menu on the app registration page.
Click + New client secrets to create a new client secret.
Select a time frame for its expiration, add a description, and then click Add.
Note: If the secret is set to expire, you must remember to renew the credentials and reconfigure it in the Finout console.
Copy the Value from the Client secret to the Application secret field in the Finout console (step 4).

2. Create the Billing Export

In this step, create the export for the billing scope and grant Finout read-only access to these export files.

Important: Ensure you're on the billing scope when performing the following step. To ensure you're on the billing scope, check the text on your cost management screen that states Billing account.

Note: When creating an export for the billing scope, you can choose to configure Azure settings by overwriting the same file or by generating a new file for each run.

Create the report exports on the billing scope:

The reports must be exported twice, once for each of the following cost types:

Actual cost
Amortized cost

You should provide a different directory for both exports, but both exports must be exported to the same container.

To create an export in your Azure portal:

In Azure, navigate to Cost Management.
Click Exports in the left-hand menu.
From the Export screen, click + Create. The New export page appears.
Click Cost and Usage (actual or amortized).
Note: The reports must be exported twice, once for each cost type. You should provide a different directory for both exports, but both exports must be exported to the same container.
You are brought to the Datasets tab.
Add the Export Profile name and click Next. You are brought to the Destination tab.
Important: - Ensure that the Format is CSV. - Ensure that the Compression type is None.
Fill in the details required on the destination page.
Note: Save the following details to add to Finout (step 4): -Storage Account
-Container
-Actual Cost Directory and Export Name
-Amortized Cost Directory and Export Name
Click Next. You are brought to the Review and Create tab.
Review the summary and click Create.
After the export is created, select it from the export page and click Run now.

3. Grant Finout Read-Only Permission from the Export Storage

Grant read-only permission by using Azure CLI or the Azure portal.

Grant permissions using Azure CLI

Type the following command in your CLI and fill in the parameters according to the role and storage details:

az role assignment create --assignee <app_id> --role "Storage Blob Data Reader" --scope /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Storage/storageAccounts/<storage_account_name>/blobServices/default/containers/<container_name>

Grant permissions using the Azure portal

From your Storage account page, click Containers and select the export container.
Select Access control (IAM).
Click +Add and then click Add role assignment.
Search for Storage blob data reader, select it, and then click Next.
Click + Select members and find the Finout service principal.
Select the Finout service principal and click Select.
Click Review + Assign.

4. Integrate Azure with Finout

Navigate to Settings > Cost Centers and click Add cost center. The Connect Accounts window appears.
In Azure, click Connect Now. The Azure integration window appears.
Add the details saved from step 1 and click Next. You are brought to the Create the billing export page.
Add the details saved from step 2 and click Next. The integration is complete.

Important: To successfully finish the Azure integration with Finout, ensure the export files exist in the given container.

Historical Backfill Export

Finout supports two methods for backfilling historical Azure cost and usage data:

1. Standard Backfill via Blob Storage (Recommended) This is the default and preferred method. Finout accesses your Azure Blob Storage using the permissions granted during Cost Center onboarding. From there, it pulls historical amortized and actual cost and usage files—even for periods prior to the Cost Center's integration—ensuring a complete and continuous cost history.

If you want Finout to backfill data for a specific period, contact Finout support and specify the desired date range in complete calendar months. Support will then access the container and import the data into your account.

Note: You must ask Finout support to fetch this as it is not fetched automatically.

2.Alternative: Manual One-Time Export

If historical files are not available in your Blob Storage, you can generate a Finout-supported manual Azure export using Azure’s Cost and Usage Export feature. This one-time export should include amortized and/or actual cost data and must be uploaded to the same Blob Storage Finout has access to. Once uploaded, Finout will automatically detect the files, fetch the data, and ingest it into your account for the desired backfill period.

This manual method should be used only when the standard Blob Storage backfill is not possible.

Prerequisite: You must have one of the following Azure permissions:

Owner/Contributor role
A custom role with:
- Microsoft.Authorization/roleAssignments/write
- Microsoft.Authorization/permissions/read

Open the Azure Portal Go to your Azure Portal and navigate to Cost Management and Billing.
Navigate to Exports:
1. Select the relevant billing scope.
2. In the left sidebar, click Exports.
3. Click Create New Export.
4. Choose Cost and usage (actual + amortized) export.
Create Actual and Amortized Exports
Note: You will need to create two separate exports:
- One for Actual Cost and Usage
- One for Amortized Cost and Usage
1. Choose an Export Name / Prefix.
2. Edit the Export information:
  1. Choose a Data Type
  2. Add an Export Name
  3. Choose a Domain version
  4. Frequency: One-time
  5. Time Period: A full calendar month
    Important: Azure allows exporting only one month at a time. To export additional months, repeat the process.
  6. Add an Export description
Set Destination
1. Storage Type: Azure Blob Storage
2. Destination and storage: Use existing
3. Enter your Subscription and Storage account.
4. Container: Select an existing container in your Azure account — this must be the same one you granted Finout access to during the Azure Cost Center onboarding. This container stores your billing data.
5. Directory: make sure to export the actual file and the amortized file into different directories.
6. Format: CSV
7. Compression type: Gzip
8. Enable Overwrite data
Review and Create
After creating both exports, ensure both actual and amortized appear in the export list.
Run the Export.
Note: You will need to run two separate exports:
- One for Actual Cost and Usage
- One for Amortized Cost and Usage
1. In Exports, click on the right side of each export.
2. Select Run now and choose the relevant month.
Locate and Share Files: Once complete, both files will be available in the Blob Storage container you specified. Contact Finout support and they will then access the container and import the data into your account.