---
title: "Retrace Azure Integration and Management Authentication with Azure Active Directory"
slug: "installing-retrace-azure-integration"
description: "Monitor your Azure services with Retrace. Authenticate via OAuth 2.0 Access Tokens, set up monitoring with a dedicated service account, and access API logs."
updated: 2023-12-05T20:58:21Z
published: 2023-12-05T20:58:21Z
---


# Azure Integration & Authentication via Azure AD

## Retrace Azure Integration

## Overview

Retrace integrates with Azure via the Azure REST API to determine the status of servers and services during Creation, Removal, Scale Up and Scale Down events. Retrace supports monitoring for both Cloud Services (Classic) and App Services (Web sites, Functions, etc.).

To acquire resource information, Retrace uses [OAuth 2.0 Access Tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-openid-connect-code) on the Azure account to authenticate and make calls to the Azure REST API.

## Prerequisites

To successfully monitor your Azure services, Stackify recommends using a dedicated service account rather than an individual user’s account. That account needs to be a [Work or School account](https://docs.microsoft.com/en-us/azure/active-directory/sign-up-organization) and have access to the subscriptions and services that you want to monitor.

**Personal Azure accounts are not supported since they do not use Azure Active Directory**.

Retrace also requires the installation of the Retrace Agent on your Cloud Services or the Stackify Web Job on your App Services.

## Setup

To set up monitoring, log in to your Retrace account and navigate to the Azure page of the Integrations section under Settings. You will need to be an Account Admin in order to access this page.

![](http://support.stackify.com/wp-content/uploads/2018/06/Capture-2018-06-02-at-10.51.24.png)

On the Azure Settings page, select the Authorizations tab. Here you will see a list of integrations that have been created. Click the ***Add to my organization*** button to begin the authorization process.

![image.png](https://cdn.document360.io/3fcaf473-a1ef-4778-aa2c-fd28411c2b01/Images/Documentation/85e3b219-dc83-45b6-a5ab-171829038df9.png)

After clicking ***Add to my organization***, you will be directed through a Microsoft login and authorization process and prompted to allow Retrace to access your data.

Once you allow Retrace to access your data, you will be redirected back to Retrace. Retrace will now be able to query the Azure REST API for the state of your services and devices.

**NOTE:**

The access token that Azure provides allows access only to resources that the provided account has access to. This is why using a service account that is given permissions only to the resources you want to monitor is recommended.
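One way to check that the dedicated service account really is limited to what you monitor, as an added example that is not Stackify's own code: it audits role assignments in the JSON shape returned by `az role assignment list --assignee <account> --all --output json`. The read-only role allow-list, the subscription IDs and the sample assignments are assumptions constructed for illustration.

```python
import json

# Roles treated as read-only. This allow-list is an assumption; adjust it to
# whatever your monitoring account actually needs.
READ_ONLY_ROLES = {"Reader", "Monitoring Reader"}

def scope_level(scope):
    """Classify an Azure RBAC scope string by breadth."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if not parts:
        return "root"
    if parts[:2] == ["providers", "microsoft.management"]:
        return "management-group"
    if parts[0] == "subscriptions" and len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource-group"
    return "resource"

def audit(assignments, monitored_subscriptions):
    """Return (severity, reason, scope) findings for one account's assignments."""
    monitored = {s.lower() for s in monitored_subscriptions}
    findings = []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        level = scope_level(scope)
        if role not in READ_ONLY_ROLES:
            findings.append(("high", f"role '{role}' can do more than read", scope))
        if level in ("root", "management-group"):
            findings.append(("high", f"assigned at {level} scope", scope))
        elif scope.strip("/").split("/")[1].lower() not in monitored:
            findings.append(("medium", "subscription is not one you monitor", scope))
    return findings

# Constructed sample in the shape of `az role assignment list` JSON output.
SUB_A = "00000000-0000-0000-0000-00000000000a"
SUB_B = "00000000-0000-0000-0000-00000000000b"
SAMPLE = json.loads(f"""[
 {{"roleDefinitionName": "Reader", "scope": "/subscriptions/{SUB_A}/resourceGroups/web-prod"}},
 {{"roleDefinitionName": "Contributor", "scope": "/subscriptions/{SUB_A}"}},
 {{"roleDefinitionName": "Reader", "scope": "/subscriptions/{SUB_B}"}},
 {{"roleDefinitionName": "Reader", "scope": "/providers/Microsoft.Management/managementGroups/corp"}}
]""")

if __name__ == "__main__":
    for severity, reason, scope in audit(SAMPLE, {SUB_A}):
        print(f"[{severity}] {reason}: {scope}")
```

Run it against the account before authorizing Retrace and again whenever the account's access changes; an empty result means every assignment is read-only and inside a monitored subscription.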

Ensure that Stackify has `User.Read` API Permission access granted for `Microsoft Graph`: ![image.png](https://cdn.document360.io/3fcaf473-a1ef-4778-aa2c-fd28411c2b01/Images/Documentation/image%2828%29.png)

**When Logging In**

When logging in from your Azure SSO, you need to use the "My Apps" page in Azure. When using the direct URL instead, you must use the "User Access URL" of the app. ![UserAccessURL.png](https://cdn.document360.io/3fcaf473-a1ef-4778-aa2c-fd28411c2b01/Images/Documentation/Screen%20Shot%202022-01-03%20at%201.20.32%20PM.png)

## Monitoring Retrace Access

**Logs**

The Azure Settings page provides a 7-day log of every access attempt Retrace made to Azure on your behalf. Each entry reports the date and time of access, the URI, the account, and the returned status code of the request. You can find this under the Azure API Access Log.

**Remove Access**

To disable access, go to the Authorizations tab and click Remove next to the authorization you wish to remove.

**Legacy Support**

Customers who had set up the now-deprecated method of Azure Integration (`*.publishsettings`) will see that integration listed as the *AzureManagementCert* integration type. It is recommended that you remove this and set up the integration using the currently supported method. Support for the AzureManagementCert integration type will be removed at a future date.
