# Azure Resources {% hint style="info" %} Cortex connects to many third-party vendors whose system interfaces frequently change. As a result, integration behavior or configuration steps may shift without notice. If you encounter unexpected issues, check with your system administrator or refer to the vendor's documentation for the most current information. Additionally, integration sync times vary and are subject to scheduling overrides and timing variance. {% endhint %} [Azure Resources](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/overview) provides on-demand cloud computing platforms and APIs. Cortex uses the Azure Resource API to pull in resource details and import entities such as SQL servers, virtual machines, virtual networks, load balancers, and others. Integrating Azure Resources with Cortex allows you to: * [Automatically import entities](#enable-automatic-discovery-of-azure-resource-entities) and track ownership of entities * Create [Scorecards](#scorecards-and-cql) to drive alignment and track progress on projects involving resources from Azure ## How to configure Azure Resources with Cortex ### Prerequisites Before getting started, you will need the following information. These can be found in the **Enterprise applications** section of Azure: * Azure tenant ID * Azure client ID and [client secret](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-credentials) * Azure subscription ID * Ensure that the service principal for the subscription ID has a [Reader role](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#assign-a-role-to-the-application). ### Configure the integration in Cortex 1. In Cortex, navigate to the [Azure Resources settings page](https://app.getcortexapp.com/admin/integrations/azureresources). * Click **Integrations** from the main nav. Search for and select **Azure Resources**. 2. Click **Add configuration**. 3. Configure the Azure Resources integration form: * **Account alias**: Enter your Azure account alias. Account aliases are used to tie service registrations to different configuration accounts. * **Azure tenant ID**: Enter your Azure tenant ID. * **Client ID** and **Client secret**: Enter your Azure client ID and secret. * **Subscription ID**: Enter your Azure subscription ID. 4. Click **Save**. * You will be redirected to the Azure Resources Settings page in Cortex, where you can optionally choose to include only specified Azure resource types for this integration. You can also enable [automatic import](#enable-automatic-discovery-of-azure-resource-entities) for any discovered entities of known types. After saving your configuration, you are redirected to the integration settings page in Cortex. In the upper right corner of the page, click **Test configuration** to ensure Azure Resources was configured properly. To modify the integration configuration, see [Modifying an existing integration configuration](/ingesting-data-into-cortex/integrations.md#modifying-an-existing-integration-configuration). ## How to connect Cortex Entities to Azure Resources {% hint style="info" %} For Azure Resources, Cortex replaces non-alphanumeric characters in entity names with a space. For example, `resource_1` would become `resource 1`. For the [Cortex tag](/ingesting-data-into-cortex/entities-overview/entities.md#cortex-tag), Cortex replaces non-alphanumeric characters with `-` and lowercases the letters. If multiple special characters appear together in a tag, Cortex replaces the group of characters with only one `-`. For example, `mY_e%ntity#$_tag` would become `my-e-ntity-tag`. {% endhint %} ### Enable automatic discovery of Azure Resource entities You can configure automatic import from Azure: 1. In Cortex, navigate to the [Entities Settings page](https://app.getcortexapp.com/admin/settings/entities). 2. Next to **Auto import from AWS, Azure, and/or Google Cloud**, click the toggle to enable the import.\\
### Discover ownership for Azure Resources Cortex can automatically discover ownership for your Azure resources. To configure this: * Make sure that your Azure resources have a tag matching the `x-cortex-tag` of the corresponding Cortex team * Enable the “Sync ownership from Azure” toggle in the [Azure Resources Settings page](https://app.getcortexapp.com/admin/settings/azureresources) in Cortex. * By default, Cortex looks for the `owner` tag. You can also customize the tag key name on the Settings page. Cortex syncs ownership from Azure Resources every day at 6 a.m. UTC. ### Define a dependency Cortex automatically discovers dependencies between your services and resources by scanning for resources with specific Azure Resources tags. By default, a service will have dependencies on any Cortex resource that has a corresponding Azure Resources resource with Azure Resources tag key = "service" and tag value = the service's Cortex tag. On the [Azure Resources settings page](https://app.getcortexapp.com/admin/settings/azureresources), you can customize the tag key names for dependencies. For more information on defining dependencies, please see the [Dependencies documentation](/ingesting-data-into-cortex/entities-overview/entities/adding-entities/dependencies.md). ### Import entities from Azure Resources See the [Create services documentation](/ingesting-data-into-cortex/entities-overview/entities/adding-entities/add-services.md#creating-services) for instructions on importing entities. ### Editing the entity descriptor You can associate a Cortex entity with one or more Azure Resources entities. Cortex will display those Azure Resources entities' metadata on the Cortex entity page. When the entity is connected to Azure, the entity YAML will look like the following: ```yaml x-cortex-azure: ids: - id: /subscriptions/1fbb2da1-2ce7-45e4-b85f-676ab8e685b9/resourceGroups/GROUP1/providers/Microsoft.Compute/disks/vm1_disk1_3d9f85717666435e9e87e4883d31a7e9 alias: my-default-alias # alias is optional and only relevant if you have opted into multi account support - id: /subscriptions/1fbb2da1-2ce8-45e4-b85f-676ab8e685b0/resourceGroups/GROUP2/providers/Microsoft.Compute/disks/vm1_disk1_3d9f85717666435e9e87e4883d31a7e0 alias: my-other-alias # alias is optional and only relevant if you have opted into multi account support ``` ## Using the Azure Resources integrations ### Scorecards and CQL With the Azure Resources integration, you can create Scorecard rules and write CQL queries based on Azure Resources details. See more examples in the [CQL Explorer](https://app.getcortexapp.com/admin/cql-explorer) in Cortex.
Get Azure Resource details for entity Get Azure Resource details for an entity. **Definition:** `azureResource.details(): Object` **Examples** In a Scorecard, you can write a rule to make sure an entity has Azure Resource details: ``` azureResource.details() != null ``` Make sure an entity has an environment tag: ``` azureResource.details().resources.filter((resource) => jq(resource, ".metadata.\"environment\"") != null).length > 0 ``` Make sure an entity has a health check: ``` jq(azureResource.details(), ".resources[].metadata.siteConfig.healthCheckPath") != null ``` Make sure an entity has a tag with a certain key and value: ``` azureResource.details().resources.filter((resource) => resource.tags.get("tag-key") == "tag-value").length > 0 ```
### View integration logs {% hint style="info" %} This feature is available in Cortex cloud. {% endhint %} While viewing an integration's settings page, click the **Logs** tab to view error logs from the last 7 days. You can filter the logs list by configuration and by operation (for example, you could filter to view errors surfaced only via Scorecards).
The 'Logs' tab on an integration's settings page shows error information over the past 7 days.
Click into a row to get more information, including time stamp, status code, full error, and request path. ## Background sync Cortex conducts a background sync of Azure Resources every day at 00:00 a.m. UTC and an ownership sync every day at 6 a.m. UTC. ## FAQs and troubleshooting **Why is the Azure resource type `microsoft-resources-subscriptions-resourcegroups` not pulling in Azure Resource details?** Cortex pulls from the Azure Resource API, but not from the Azure Resource Group API. If you would like to submit a feature request for support of Azure Resource Groups, please contact our customer engineering team. ## Still need help?[​](https://docs.cortex.io/docs/reference/integrations/aws#still-need-help) The following options are available to get assistance from the Cortex Customer Engineering team: * **Email**: , or open a support ticket in the in app Resource Center * **Slack**: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a `:ticket:` reaction to a question in Slack, and the team will respond directly. Don’t have a Slack channel? Talk with your Customer Success Manager. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cortex.io/ingesting-data-into-cortex/integrations/azureresources.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.