Azure Setup Overview
Verdaro uses Azure APIs to provide comprehensive cloud cost optimization:
- Cost Management Exports - Ingest FOCUS-format cost data
- Azure Resource Graph - Inventory sync for all resources
- Azure Monitor - 30-day performance metrics for rightsizing
You'll create a Service Principal, grant it appropriate access, and configure Cost Management exports.
What you need
- Azure AD tenant access (App Registration permissions)
- Subscription ID you want to connect
- Permission to create Cost Management exports
- Storage account and container for export files
Required fields in Verdaro
When you add an Azure connector, Verdaro asks for:
- Subscription ID
- Tenant ID
- Client ID
- Client Secret
- Storage Account
- Container Name
- Export Name
High-level steps
- Create an Azure App Registration and Service Principal.
- Grant Cost Management, Reader, and Monitoring Reader access.
- Create a Storage account + container.
- Configure three Cost Management exports (FOCUS, Actual, Amortized) to that container.
- Seed historical data (optional, for backfill).
- Paste the values into Verdaro and run Test Connection.
Backfill (13 months)
Verdaro defaults to a 13-month historical backfill when a connector is first synchronized. This enables critical year-over-year (YoY) cost comparisons, trend analysis, and seasonal spend patterns from day one.
Why 13 Months?
A 13-month window ensures that you can compare the current month's performance against the same month from the previous year, providing the context necessary for informed FinOps decisions.
Required Datasets for Backfill
To ensure full data fidelity, you must configure and seed all three required exports:
- FOCUS (
Cost and usage - FOCUS): Primary cost engine. - Actual Cost (
Cost and usage details (actual)): Invoice reconciliation. - Amortized Cost (
Cost and usage details (amortized)): Commitment (RI/SP) tracking.
How it Works
- First Sync: When you click Sync Now for the first time, Verdaro triggers the
INGEST_BACKFILL_WORKFLOW. - Discovery: The system scans your Azure storage container for all existing export runs within the lookback period (default: 13 months).
- Queueing: Historical runs are enqueued into specialized backfill shards (
backfill-jobs-{0-7}) to avoid delaying daily incremental syncs. - Completion: Once all discovered historical runs are enqueued, the connector marks
backfill_completed_at.
Important:
backfill_completed_atmarks the point where discovery and enqueuing are complete, not the full ingestion of every row. Ingestion continues in the background via the backfill queues.
Seeding Historical Data
Verdaro can only ingest what exists in your storage account. Azure exports are not retroactive; you must "seed" them for past months.
via Azure Portal
- Navigate to Cost Management → Exports.
- Select your export and click Pick dates.
- Select a past month and click Run. Repeat for each required dataset and month.
via Azure CLI
Use the Exports API via CLI to trigger a run for a specific month. You must do this for each of the three required exports.
# Example: Trigger a run for January 2025
az costmanagement export run \
--name "verdaro-focus" \
--scope "/subscriptions/{SUBSCRIPTION_ID}"For automated seeding of many months, see the Microsoft Tutorial: Seed historical cost dataset (opens in a new tab).
Inherited Wisdom
- Backfill discovery = enqueue/discovery complete (
backfill_completed_atsemantics). - Dedicated queues: Backfill jobs use
backfill-jobs-{0..7}to isolate high-volume historical loads. - Hermetic processing: Ingestion logic mocks
findAllRunsand tenant RPC clients during testing. - Scheduler guard: Verdaro automatically skips duplicate backfill triggers if an ingestion is already running.
Features by Permission
| Feature | Required Role | What it enables |
|---|---|---|
| Cost Ingestion | Cost Management Reader | Daily cost data sync, spend analysis |
| Resource Inventory | Reader | Resource discovery, tag compliance, relationships |
| Rightsizing | Monitoring Reader | Azure Monitor platform metrics (where supported) |
| Cost Trends | Cost Management Reader | 30/60/90-day spend comparisons |
Azure Monitor metrics (rightsizing)
Verdaro collects Azure Monitor platform metrics via the ARM Metrics API (Microsoft.Insights/metrics). In most subscriptions, platform metrics are available automatically for supported services.
What you need to do:
- Assign the Service Principal Monitoring Reader at the subscription scope (or a custom role that includes
Microsoft.Insights/metrics/read). - Be aware that metrics availability is per resource type, and the available metric names differ by service.
Canonical reference for supported metrics by resource type:
- https://learn.microsoft.com/en-us/azure/azure-monitor/reference/metrics-index (opens in a new tab)
- https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/ (opens in a new tab)
Continue with the detailed steps: