Login to the OneIQ Portal.

Select IT Environments in the left navigation menu and go to the Connectors tab.

Select Microsoft Azure as the platform to connect.
​

In the "Connect your Microsoft Azure cloud" section, specify the name of the OneIQ Pulse for Azure connector to differentiate it from other connectors in your IT environment. For example, this could be the name of the Azure region.

Then click Download to save the OneIQ Pulse ARM manifest.
​

Go to the Azure Portal and launch Cloud Shell from the top navigation:
​

If you are using Powershell, then click the Switch to Bash button in the top left.
​

Set the Subscription ID that will be used for the OneIQ Pulse Service Principal (replace xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx):
​az account list --output table

az account set --subscription xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Create the OneIQ Pulse Service Principal, and assign the required 'Monitoring Reader' Role:
​subscriptionId=$(az account show --query id --output tsv)

principal=$(az ad sp create-for-rbac --name "OneIQ-Pulse" --role "Monitoring Reader" --scope "/subscriptions/$subscriptionId" --output json)

Output the credentials, and save them in a secure location because the password (Service Principal Token) is not saved anywhere else:
​echo $principal | jq

Example output:
​{

"appId": "12345678-1234-1234-1234-123456789abc",

"displayName": "SomeAppName",

"password": "P@ssw0rd123!",

"tenant": "87654321-4321-4321-4321-abcdef987654"

}
​

If you would like to analyze NetFlow logs, then assign the Storage Blob Data Reader Role:
​az role assignment create --role "Storage Blob Data Reader" --scope "/subscriptions/$subscriptionId" --assignee $(echo $principal | jq -r .appId)

If you would like to analyze Reservation costs, then assign the Reservations Reader Role:
​az role assignment create --role "Reservations Reader" --scope "/providers/Microsoft.Capacity" --assignee $(echo $principal | jq -r .appId)

Note: To assign the 'Reservations Reader' Role, the account running these commands must have the Owner or User Access Administrator Role at the root tenant level (Elevate access to manage all Azure Subscriptions and Management Groups ), or it can be granted to the account running these commands by an elevated account:
​az role assignment create --assignee xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --role "User Access Administrator" --scope "/" --condition-version 2.0 --condition "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] GuidEquals 582fc458-8989-419f-a480-75249bc5db7e))"

Go to the the Azure Portal and search for Deploy a custom template.
​

Select Build your own template in the editor.
​

Click Load file.

Select the downloaded OneIQ Pulse ARM manifest. Click Open and then Save.
​

Create a new resource group and select the desired Region.
​

Enter the Service Principal Id and Service Principal Token, which are the appId and password from the saved credentials above.

Select the VM Size to deploy from VM Sizing Guidelines below.

Click Review + Create, and ensure that the deployment is successful.
​