Azure Management Group onboarding as billing

You can onboard azure management group as billing by following the CLI steps provided below.

To manage an Azure Active Directory (AAD) app and create a client secret, the Active Directory administrator role is required

Create AAD

az ad sp create-for-rbac --display-name "<APP_NAME>" --years=2 -o table

• <APP_NAME>: Enter the unique name. Recommended (mavvrik_management_group)

• Capture App id, Password and Tenant id which will be used in subsequent steps

To assign permissions to the Azure Active Directory (AAD) app, it is recommended to have the Owner role. Alternatively, you can have both the Contributor and User Access Administrator roles.

Assign Permissions to the App(Mandatory)

az role assignment create --assignee "<APP_ID>" --role "Reader" --scope "/providers/Microsoft.Management/managementGroups/<MANAGEMENT_GROUP-ID>" -o table

• <APP_ID> : Enter App id created in above step

• <MANAGEMENT_GROUP-ID>: Enter your management group Id(To Get Management Group id Navigate to Azure Console > Search Management Group > Capture the id)

Assign Additional Permissions to the App(Optional)

az role assignment create --assignee "<APP_ID>" --role "Reservations Reader" --scope "/providers/Microsoft.Capacity" -o table

az role assignment create --assignee "<APP_ID>" --role "Savings Plan Reader" --scope "/providers/Microsoft.BillingBenefits" -o table

• <APP_ID> : Enter App id created in above step

Connect Billing Account

1. Login to Mavvrik

2. Go to Menu > Admin > Public Clouds

3. Click on +Account

4. Select CSP as Account type and Billing Scope as Management group

5. Enter required details

6. Click Connect

You can use the same credentials to onboard the Management Group as a usage account.Azure Management Group Manual CLI Onboarding