Prerequisite Checklist

Azure onboarding requires two checks before you begin.

Verify both on the onboarding user account. If you skip them, onboarding fails.

1. User Access Administrator role at root scope

Archera creates a custom RBAC role inside your Azure tenant.

Make sure your onboarding user has Access management for Azure resources enabled.

Global Administrator + Entra properties toggle on

1. Go to Microsoft Entra ID → Users.

2. Select the onboarding user.

3. Open Assigned roles.

4. Add Global Administrator in the role directory.

5. Go to Microsoft Entra ID → Overview → Properties.

6. Turn on Access management for Azure resources if it is off.

You can find this setting in: Microsoft Entra ID > Overview > Properties

2. Contributor role at subscription scope

Your designated "onboarding user" needs Contributor RBAC role at subscription scope.

• When you provide your Azure Tenant ID and Subscription ID in the first stage of onboarding flow, this subscription will house a Resource Group and Storage Account to store Cost Exports.

  • Microsoft requires Cost Exports to live in a storage account in your own Azure estate.

• We create those resources on your behalf later in the onboarding flow. In order to facilitate that, we need the contributor access to just the one sub.

Related Resources

• Azure Onboarding - Supported Account / Subscription Types

• Azure Onboarding - Required Permissions

• Does Archera for Azure rely on Microsoft Azure Exchanges or Returns policy?

• Does Archera Support Reservations for Azure Storage Disks?

• Azure Offboarding