Infrastructure Dashboard Deployment Guide
- Requirements
- Resource Providers requirements
- Installing the custom connector
- Azure Advisor Recommendations
- Recommendations from Microsoft Defender for Azure
- Setting up the Azure Infrastructure Dashboard
- The CCO Azure Infrastructure Dashboard is a Power BI Template that requires you to download and install the Microsoft Power BI Desktop Edition from the Microsoft Store. Below you can find the minimum requirements to run the Dashboard
- Windows 10 version 14393.0 or higher.
- Internet access from the computer running Microsoft Power BI desktop.
- An Azure account on the desired tenant space with permissions on the subscriptions to read from the Azure Services described above.
- The subscriptions will need to use the Azure Defender paid plan if you want to detect and see the alerts in the Azure Defender Alerts page of the CCO Azure Infrastructure Dashboard.
Below is the list of providers and the actions that you will need to permit to allow you to run the CCO Power BI Dashboard:
| Resource Provider Name | Permissions |
|---|---|
| Azure Advisor | Microsoft.Advisor/generateRecommendations/action |
| * | */Read |
IMPORTANT: You must follow this procedure to implement Azure delegated resource management to get data from subscriptions in other tenants.
Although some of the Resource Providers might be enabled by default, you need to make sure that at least the Microsoft.Advisor and the Microsoft.Security resource providers are registered across all the subscriptions that you plan analyze using the Dashboard.
Registering these 2 Resource Providers has no cost or performance penalty on the subscription:
- Click on Subscriptions.
- Click on the Subscription name you want to configure.
- Click on Resource Providers.
- Click on Microsoft.Advisor and Register.
- Click on Microsoft.Security and Register.
The CCO Azure Infrastructure Dashboard requires you to install the Power BI Custom Connector located in the same folder as the CCO Infrastructure Dashboard: (CCoDashboardAzureConnector.mez). This Custom Connector allows us to leverage information from Azure Management REST APIs that require POST methods and error handling.
To install the custom connector you must copy the file CCoDashboardAzureConnector.mez from the ccodashboard/dashboards/CCODashboard-Infrastructure/ folder to the folder that Power BI creates by default in the Documents folder in your PC. If this folder doesn't exist, you can create a new one with this name.
The path should be C:\Users%username%\Documents\Power BI Desktop\Custom Connectors .
Note: Recently some users are having problems with the connector and Power BI due One Drive. If this is the case, the folder structure needs to be created within OneDrive folder ....\Documents\Power BI Desktop\Custom Connectors after that the custom connector will be recognized.
Then go to Power BI Options and under Global category in the Security section, select (Not Recommended) Allow any extension to load without validation or warning and click OK.
Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry. It then recommends solutions to help improve the performance, security, and high availability of your resources while looking for opportunities to reduce your overall Azure spend.
The Continuous Optimization Power BI Dashboard will directly pull data from Azure Advisor REST APIs to aggregate all the information across the Azure account subscriptions. This requires generating the recommendations before the first time we load the template else the Dashboard will be empty or will fail because it was unable to download any data.
Open the Azure Portal with your Azure Account https://portal.azure.com
- Click on Advisor.
- Expand the subscriptions drop-down menu.
- Select the subscription you want to update or generate the recommendations for the first time.
- Wait until the recommendations for the selected subscriptions has been loaded.
- Repeat these steps for each subscription you want to manually generate Azure Advisor recommendations.
Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multi-cloud (Amazon AWS and Google GCP) resources. Defender for Cloud fills the vital needs as you manage the security of your resources and workloads in the cloud and on-premises.
You can find more information at the official Microsoft Defender for Azure site.
The subscriptions will need to use the paid tier if you want to detect and see the alerts in the Microsoft Defender for Azure Alerts page of the dashboard.
Download and open the .pbit file from CCODashboard-Infra folder.
Before start loading data you need to select which type of environment you're using:
- Select "Global" for Microsoft Azure commercial environments. This is the default selection.
- Select US-Government for Azure Us government services. Azure Government is a separate instance of the Microsoft Azure service. It addresses the security and compliance needs of United States federal agencies, state and local governments, and their solution providers.
- Preview feature: Select China to load data from cloud applications in Microsoft Azure operated by 21Vianet (Azure China).
- Go to File -> Options -> Privacy and set to Always ignore privacy level settings.
By default, the template doesn’t have any Azure Account credentials preloaded. Hence, the first step to start showing subscriptions data is to sign-in with the right user credentials.
IMPORTANT NOTE: Power BI Desktop caches the credentials after the first logon. It is important to clear the credentials from Power BI desktop if you plan to switch between Azure Global and any other region like US Government or China. The same concept applies if you plan to switch between tenants. Otherwise, the staged credentials will be used again for the different Azure environments and the authentication or data load process will fail.
In some cases, old credentials are cached by previous logins using Power BI Desktop and the dashboard might show errors or blank fields.
- Click on Data sources in Current file/Global permissions.
- Click on Clear Permissions.
- Click on Clear All Permissions.
If the permissions and credentials are properly flushed it should ask you for credentials for each REST API and you will have to set the Privacy Levels for each of them.
- Click on Refresh.
- Click on Organizational Account.
- Click on Sign in.
- Click on Connect.
- Click on Organizational Account.
- Click on Sign in.
- Click on Connect.
- Make sure that you select Organization account type.
- Click on Sign in.
