How can I assign billing reader role through azure cli in Microsoft Partner Agreement account?

Manoj Ghogale 0 Reputation points
2023-07-27T12:18:12.4833333+00:00

I have created an App and assigned a service principal to it through az cli commands. Now I would like to give this app the billing reader role so that I can use the cost details API to fetch my billing data. In EA I am able to achieve the role assignment by following here https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/assign-roles-azure-service-principals , but how do we achieve this for a MPA partner account? when I run the same API it gives me the error
"code": "UnprocessableEntity",

"message": "PUT operation is currently supported only on EA billing accounts"

Azure Cost Management
Azure Cost Management
A Microsoft offering that enables tracking of cloud usage and expenditures for Azure and other cloud providers.
2,524 questions
{count} votes

2 answers

Sort by: Most helpful
  1. SadiqhAhmed-MSFT 44,606 Reputation points Microsoft Employee
    2023-07-27T17:55:26.9666667+00:00

    Hello @Manoj Ghogale Thank you for reaching out to us on Microsoft Q&A platform. Happy to help!

    Here’s documentation on how to assign necessary roles to the SPN  for both MCA and EA accounts. https://learn.microsoft.com/en-us/azure/cost-management-billing/automate/cost-management-api-permissions#assign-service-principal-access-to-azure-resource-manager-apis

     Copying the text from the above article:

    ·        Enterprise Agreements - To assign service principal permissions to your enterprise billing account, departments, or enrollment account scopes, see Assign roles to Azure Enterprise Agreement service principal names.

    ·        Microsoft Customer Agreements - To assign service principal permissions to your Microsoft Customer Agreement billing account, billing profile, invoice section or customer scopes, see Manage billing roles in the Azure portal. Configure the permission to your service principal in the portal as you would a normal user. If you want to automate permissions assignment, see the Billing Role Assignments API.


    If the response helped, do "Accept Answer" and up-vote it


  2. Patchfox 3,916 Reputation points
    2023-07-27T17:56:11.56+00:00

    Hi Manoj Ghogale, I wan to help you with this question.

    For Microsoft Partner Agreement billing accounts, the process is slightly different than for EA accounts.

    To give a customer (in your case the customer with the app) the rights to view costs, a policy has to be activated.

    This policy is disabled by default.

    After the policy is set, regular Azure RBAC roles (Cost Management Reader) can be used to view the costs for the scopes of the customer tenant.

    I hope this helps you.

    You can find more explanation here:

    https://learn.microsoft.com/en-us/azure/cost-management-billing/understand/mpa-overview#enable-policy-to-give-visibility-into-cost


    If the problem is solved for you and all questions are answered, I would be happy if you mark the answer as accepted to close the thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.