Integrating with Microsoft Azure Migrate

This integration is currently available as a public preview. For access, contact: [email protected]. This public preview is currently available only for on premises installations.

Use assessments in Asset to combine the real-time operational state of your on-premises environment, as known by Tanium, with the robust capabilities of Microsoft Azure Migrate to quantify the economic impact of running workloads in Microsoft Azure without using separate appliances or agents.

Overview

Assessments in Asset provide an automated method to provide Tanium data to your Microsoft Azure Migrate project and run total cost of ownership (TCO) and return on investment (ROI) assessments. You can target an assessment to any segment of your endpoint estate. For example, you might want to assess all on-premises servers that belong to a specific business unit or all servers in a particular geographical region.

For more information about Microsoft Azure Migrate, see Microsoft Azure Migrate documentation: About Azure Migrate.

Before you begin

Before you create an Azure Migrate assessment in Asset, you must complete several prerequisite tasks, as detailed in the following sections:

  1. Create an Azure account and configure required permissions
  2. Create an Azure Migrate project
  3. Create an app registration, Azure client ID, and secret
  4. Grant the necessary permissions to the service principal for the registered app
  5. Enable assessments in Asset
  6. Confirm that the necessary URLs are allowed through your security software

After you complete these tasks, you are ready to Create an assessment in Asset.

Step 1. Create an Azure account and configure required permissions

If you do not have an Azure user account, you must create one to use for the assessment. For an existing user account, confirm that the user account has the required permissions. For details, see Microsoft Azure Migrate documentation: Prepare an Azure user account.

Step 2. Create an Azure Migrate project

If you do not have an Azure Migrate project, you must create one to use for the assessment. For details, see Microsoft Azure Migrate documentation: Create a project for the first time.

If you are using an existing Azure Migrate project, confirm that the Azure Migrate: Discovery and assessment tool is available in the project. If you did not create the project from the Discover, assess and migrate option on the Azure Migrate Get Started page, you must add this tool to the project. For details, see Microsoft Azure Migrate documentation: Select a discovery and assessment tool.

Note the following details about the project so that you can provide them when you create the assessment in Asset:

Step 3: Create an app registration, Azure client ID, and secret

In the Microsoft Azure portal, create an app registration and then create an Azure client ID and secret for that app to use for authentication.

Register an application

For detailed steps, see Microsoft Azure documentation: Quickstart: Register an application. You do not need to configure the optional Redirect URI.

When you save the registration, note the Application (client) ID to use when you create the assessment.

Add a client secret

For detailed steps, see Microsoft Azure documentation: Quickstart: Add a client secret

After you add the client secret, record the Value for the client secret and save it to a secure location. You cannot see this value again after you leave this page.

You do not need to complete the other sections in the article.

Step 4: Grant the necessary permissions to the service principal for the registered app

Microsoft Azure automatically creates a service principal object when you register an app (which you completed in Step 3). This service principal object must have Contributor or Owner roles on the associated Azure subscription for the assessment to complete successfully. For detailed steps, see Microsoft Azure documentation: Assign Azure roles using the Azure portal.

  • In Step 3 of the article, select the Privileged administrator roles tab to see the Contributor or Owner roles.
  • In Step 4 of the article, select the service principal that was created for your registered app.

Step 5: Enable assessments in Asset

Enable the assessments feature

Add a Tanium Core Platform advanced setting to add the assessments feature to Asset. For more information about Tanium Core Platform settings, see Tanium Console User Guide: Managing Tanium Core Platform settings.

  1. From the Main menu, go to Administration > Configuration > Settings > Advanced Settings.
  2. Click Add Setting, configure the following properties, and click Save:
    1. Setting Type: Select Server.
    2. Name: Enter console_enable_asset_assessments.
    3. Value Type: Select Numeric.
    4. Value: Enter 1.
A Tanium Server restart is not needed to apply this setting. Refresh the Asset Settings page to see the Assessments setting.

Enable assessments in the Asset settings

  1. From the Asset Overview page, click Settings .
  2. On the Advanced tab, select to enable Assessments.
  3. Click Save.

Step 6: Confirm that the necessary URLs are allowed through your security software

If security software is deployed in your environment to monitor and block unknown URLs, your security administrator must allow the following URLs:

  • discoverysrvprodcusrepsa.blob.core.windows.net
  • management.azure.com
  • login.microsoftonline.com

Create an assessment in Asset

  1. From the Asset menu, click Assessments.
  2. Create the assessment:
    • To create a new assessment, click Create Assessment > Azure Migrate.
    • To create an assessment based on an existing assessment, click Copy in the row for the assessment that you want to use as the base configuration.
  3. Specify a Name and optional Description for the assessment.
  4. (Optional) Set the Log Level.

    The default log level (Information) is sufficient for typical usage. Adjust the log level only when you are troubleshooting an issue.

  5. In the Azure Connection Details section, provide these details:
    1. Directory (tenant) ID: Enter your Entra ID tenant ID.

      For steps to find your tenant ID, see Microsoft Azure documentation: Find your Azure AD tenant.

    2. Application (client) ID: Enter the Azure Application (client) ID for the application that you created and registered with the Microsoft identity platform in the "Before you begin" section.
    3. Client Secret: Provide the Value for the client secret that you generated for the application that you created and registered with the Microsoft identity platform in the "Before you begin" section.
    4. Click Verify Connection to confirm that the connection is valid.

      Ensure that you receive a Connection successful message before you proceed to the next section. If the verification fails, see Troubleshoot Microsoft Azure assessments.

  6. In the Azure Project Details section, provide these details:
    1. Subscription ID: Enter the UUID for the subscription in which you created the Azure Migrate project.

      For steps to find your subscription ID, see Microsoft Azure documentation: Find your Azure subscription.

    2. Resource Group Name: Enter the resource group that you selected or created when you created the Azure Migrate project.
    3. Azure Migration Project Name: Enter the name of the Azure Migrate project that you created to use for the assessment.
    4. Azure Location: Select the Azure location to use for the assessment.

      This location must match the location for your resource group. If you did not record the location when you created the project in the "Before you begin" section, you can find it in the Essentials for the resource group. In the Azure Portal, search for the Resource groups service. Open the Resource groups service and then click the name of your resource group.

  7. In the Targeting section, click Select Computer Groups. Select the computer groups to target with this assessment and click Save.
  8. In the Configuration section, provide these details:
    1. Azure Offer Code: Enter the Azure offer code to use for the assessment.

      For a description of the current Microsoft Azure offers, see Microsoft: Microsoft Azure Offer Details.

    2. Savings Options: If you plan to use Azure Reserved Instances (RI), select the savings plan you want to use for the assessment. Select None if you do not plan to use Azure Reserved Instances.

      For more information about Reserved Instances, see Microsoft Azure: Azure Reserved Virtual Machine Instances.

    3. (Optional) Discount Percentage: If you selected None for Savings Options and have a discount offer to apply in addition to the Azure offer code, specify the discount percentage to apply on the final price in the assessment. Valid values are numbers from 0 - 100.
    4. Sizing Criteria: Select the sizing criteria to use for the assessment.

      For more information about sizing criteria, see Microsoft Azure Migrate documentation: Azure VM Assessment overview.

  9. Click Submit to save your changes.

The assessment is available on the Assessments page in Asset. The status is Ready to Run until it runs for the first time. To run the assessment, click Run .

Depending on the number of targeted endpoints, an assessment can take several hours to complete.

Work with assessments

After you create an assessment, run the assessment from the Assessments page in Asset to generate the assessment results in Azure Migrate. Assessments in Asset can have the following states:

StatusDescription
Ready to Run The assessment is configured and ready to run. Click Run to run the assessment.
In Progress The assessment is in progress.
Completed The assessment is complete and ready to open in Azure Migrate. Click the link for the assessment on the Assessments page in Asset to open the resulting report in Microsoft Azure Migrate.
Canceled The assessment was canceled while in progress.
Failed The assessment failed to complete. Edit the assessment and confirm that all details are correct before you attempt to run the assessment again. For more information about troubleshooting, see Troubleshoot Microsoft Azure assessments.

Run an assessment

  1. From the Asset menu, click Assessments.
  2. In the row for the assessment, click Run .

Depending on the number of targeted endpoints, an assessment can take several hours to complete.

Edit an assessment

  1. From the Asset menu, click Assessments.
  2. In the row for the assessment, click Edit .
  3. Make the necessary changes and click Save. Run the assessment again to use the updated details in the assessment results.

Open a completed assessment

  1. From the Asset menu, click Assessments.
  2. Click the name of the assessment to open the assessment results.
  3. (Optional) On the assessment page, click View Assessment Details to open the assessment in Microsoft Azure Migrate or View Business Case to open the business case in Microsoft Azure Migrate.

    For more information about interpreting the assessment results, see Microsoft Azure Migrate documentation: Review an assessment. For more information about business case reports, see Microsoft Azure Migrate documentation: Overview report.

Delete an assessment

  1. From the Asset menu, click Assessments.
  2. In the row for the assessment, click Delete .