Creating the service connection for Azure Hybrid Benefit data providers
Overview
A service connection allows you to establish access to Microsoft Azure portal and obtain data from it without sharing the credentials. A service connection is configured once by an administrator and then it can automatically use a service for obtaining data.
The Azure Hybrid Benefit add-on contains an Azure Hybrid Benefit service. This service is needed for creating a service connection to Microsoft Azure portal.
To create a service connection, take the following steps:
- Configure the authentication and authorization settings for integration on Microsoft Azure portal.
- Create a tenant in Enterprise Service Management.
- Create a service connection in Enterprise Service Management.
A DWP subscription is required to be able to use the Azure Hybrid Benefit add-on.
Configuration
Refer to the Сreating the service connection for the Intune data provider article to configure the service connection for the Azure Hybrid Benefit data provider. The configuration steps for both extensions are quite similar with a couple of differences outlined below.
The following values should be used for Azure Hybrid Benefit in each corresponding step.
- Assigning permissions:
- Azure Service Management > user_impersonation
- Microsoft Graph > User.Read
- Creating a tenant:
Select Azure Hybrid Benefit in the Service field.
- Creating a service connection:
Select Azure Hybrid Benefit - Azure Active Directory (Application) in the Service field.
Now you can use this service connection in the configuration of the Azure Hybrid Benefit data provider.
For more information on creating and using service connections, please refer to this article.