create an app registration
- Open Azure Portal, proceed to Azure Active Directory.
- In the menu on the left, select “App registrations”.
- In the navigation bar on the top of App registrations page, select “+ New registration”.
- In the “Register an application” page, enter a name for the app - e.g. Metrics and Logs. For supported account type, you can leave the default, the optional Redirect URI can leave empty.
- After creation, Azure will show you the new App registration entry. Copy the Application (Client) ID and the Directory (tenant) ID. Create a client secret with the “Client credentials” link.
assign reader role to app registration
- Proceed to your subscription (in case you use management groups, go instead to your tenant root group).
- Select “Access control (IAM)”.
- Select “Add role assignment”.
- On the Add role assignment page, select the “Reader” role and add your App registration to that role.
- Press “Review + assign” to make your change.