Question

Monitoring Azure App Registrations with Centreon

  • 7 October 2022
  • 6 replies
  • 74 views

Badge +1

Hello, im looking to monitor with Centreon the expiration dates of the cetificates/secrets of applications in Azure App Registrations.

Do you know what plugin do i need and how can i do this.

Any help will be appreciated. 


6 replies

Userlevel 6
Badge +16

Hello, 

 

You can do it with the Office365 Management mode from centreon-plugins (https://github.com/centreon/centreon-plugins/blob/2c3cca1e20aa3844ad6ff0d1f8ed68f821e5c94b/cloud/microsoft/office365/management/mode/appcredentials.pm

 

Associated packages: 

centreon-pack-cloud-microsoft-office365-management.noarch : Centreon pack
centreon-plugin-Cloud-Microsoft-Office365-Management-Api.noarch : Centreon Plugin

 

Best

Badge +1

Many thanks, will try.

Badge +1

Hello,

So...still not working 🙁

I created my host on Centreon and selected the template Cloud-Microsot-Office365-Management-Api-custom.

I created an application in Azure App Registrations.

I added the args on the host : Tenant, clientID, clientSecret

Do i have to give some permissions or roles to my new application ? like this one for example :

“”” 

  • Add the Monitoring Reader role to your new application:
    • Go back to the Azure Portal home menu.
    • Go to Resource groups.
    • Choose the resource group containing the resources you want to monitor.
    • Click on Access Control (IAM) and + Add > Add role assignment.
    • Search for the Monitoring Reader role, select it and click Next.
    • Select your new application as a member for this role by clicking on + Select members.
    • Review and assign

“””

Am i missing something else? 🙄

 

Userlevel 6
Badge +16

Hi,

 

Yes I think so. 

Userlevel 2
Badge +3

hi

the role you added was for “Azure Monitor” which is not the same as office365 monitor

Azure Monitoring Prerequisites | Centreon Documentation

this one only gives access to Azure Resources

 

the plugin @sims24 is refering to is from the “office365” cloud pluging that uses the graphapi, which is explained a bit more here:

Office 365 Management | Centreon Documentation

 

so instead of addiing a IAM Role, you’ll need to go the "Azure AD” console, app registration, and find your app, then on the left menu of your app, go to “Api Permission” and add the permission from the centreon documention

(you can keep your IAM Role, if you use the same app for Azure and o365 it’s easier to monitor both environment, or you can have 2 separate azure app, or more, your choice)

 

Userlevel 6
Badge +16

We will try to enhance this, I will track an issue. But @christophe.niel-ACT said it all. 

 

Make sure to have these rights assigned to your user: 

https://learn.microsoft.com/en-us/graph/permissions-reference#example-usage-3

Reply