Create an app registration
Create one dedicated Microsoft Entra app registration, assign Cost Management Reader to the subscription you want reviewed, and paste the credential fields into CloudCostIQ for a 90-day billing backfill.
In Azure Portal, open Microsoft Entra ID, then App registrations, then New registration. Name it CloudCostIQ Billing Reader.
Open the new app registration Overview page. Copy Directory tenant ID and Application client ID.
Open Certificates & secrets, add a new client secret, and copy the Value immediately.
Open the subscription you want to review first. Go to Access control (IAM), add role assignment, and choose Cost Management Reader.
If you want owner/resource context in recommendations, assign Reader at the same subscription scope.
Return to CloudCostIQ, open Cloud Data, choose Azure, paste Display name, Tenant ID, Subscription ID, Client ID, and Client secret.
Display name: Production subscription
Tenant ID: 00000000-0000-0000-0000-000000000000
Subscription ID: 00000000-0000-0000-0000-000000000000
Client ID: 00000000-0000-0000-0000-000000000000
Client secret: copied secret value
{
  "required_roles": [
    {
      "role": "Cost Management Reader",
      "scope": "/subscriptions/{subscriptionId}",
      "purpose": "Read Azure Cost Management ActualCost data for recurring reviews"
    },
    {
      "role": "Reader",
      "scope": "/subscriptions/{subscriptionId}",
      "purpose": "Optional resource metadata for owner and service context"
    }
  ],
  "credential_fields": [
    "tenantId",
    "subscriptionId",
    "clientId",
    "clientSecret"
  ],
  "explicitly_not_required": [
    "Owner",
    "Contributor",
    "User Access Administrator"
  ]
}
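An added example, not CloudCostIQ's own code: a Python check that audits the role assignments held by the app registration's service principal against the role list above. It assumes input in the shape returned by `az role assignment list --assignee <clientId> --all -o json`; the function name `audit_assignments` and the sample data are constructed for illustration.

```python
"""Audit a service principal's Azure role assignments against the page's role list."""

# Role names taken from the page's JSON.
REQUIRED = {"Cost Management Reader"}
OPTIONAL = {"Reader"}
FORBIDDEN = {"Owner", "Contributor", "User Access Administrator"}


def audit_assignments(assignments, subscription_id):
    """Return sorted (severity, message) findings; an empty list means compliant."""
    expected = f"/subscriptions/{subscription_id}".lower()
    findings, granted = [], set()
    for item in assignments:
        role = item["roleDefinitionName"]
        # Azure scopes are case-insensitive; normalise before comparing.
        scope = item["scope"].rstrip("/").lower()
        if role in FORBIDDEN:
            findings.append(("high", f"{role} at {scope} is explicitly not required"))
        elif role not in REQUIRED | OPTIONAL:
            findings.append(("medium", f"unexpected role {role} at {scope}"))
        elif scope != expected:
            # Management-group, other-subscription or resource-group scope.
            findings.append(("medium", f"{role} at {scope}, expected {expected}"))
        else:
            granted.add(role)
    for role in sorted(REQUIRED - granted):
        findings.append(("info", f"missing {role} at {expected}"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample, not real tenant data.
    sub = "00000000-0000-0000-0000-000000000000"
    sample = [
        {"roleDefinitionName": "Cost Management Reader", "scope": f"/subscriptions/{sub}"},
        {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{sub}"},
        {"roleDefinitionName": "Reader",
         "scope": "/providers/Microsoft.Management/managementGroups/root-mg"},
    ]
    for severity, message in audit_assignments(sample, sub):
        print(f"[{severity}] {message}")
```

An empty result means the principal holds only the listed reader roles at the subscription scope.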