Data is missing from management API using service principle. ex: Advisor Recommendations

Mahesh Reddy 20 Reputation points
2024-09-02T13:26:14.2+00:00

I have a requirement to load datasets from management.Azure.com (Management API), for example: Advisor Recommendations, Resources

I have created a service principal in app registration and have been able to obtain the access token. However, when loading the resources, only few records are being loaded instead of the full data set. I can view many resources from Azure, but when I try to get the list of resources for each subscription from the API.

my question what is the maximum data I can load from advisor recommendations ex: months, Quarterly, half yearly, last 12 months?, we have requirement from client to show 12 months data based 12 months data plaining for analysis.

Do I need admin agent permissions?

we are using synapse to get data.

below i have added the permissions details from app reg.

User's image

I’m not sure what permissions are missing or what needs to be done to be able to access all of the resources. For example, the URL used to get resources is: GET https://management.azure.com/subscriptions/{subscriptionId}/resources?api-version=2021-04-01

Resources is just one example, but data is also missing for other datasets such as Tasks, Secure Score, Assessments, etc.

Please note that I’m trying to get this information from multiple subscriptions under the same tenant.

Could someone please suggest what needs to be done or where I need to check in order to retrieve all data from the API?

Thanks in advance.

Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,511 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,093 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
11,049 questions
Azure Advisor
Azure Advisor
An Azure personalized recommendation engine that helps users follow best practices to optimize Azure deployments.
70 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vinod Kumar Reddy Chilupuri 1,915 Reputation points Microsoft Vendor
    2024-09-03T09:59:11.5533333+00:00

    Hi @Mahesh Reddy
    Thanks for the question and using MS Q&A platform.

    As I understand you're experiencing some issues with retrieving the full dataset from the Azure Management API. I'd be happy to help you troubleshoot this.

    Here are some steps to help you troubleshoot and resolve the issue:

    • Permission Issues: First, let's check the permissions. Since you've created a service principal in Azure AD App Registration, you need to ensure that the service principal has the necessary permissions to access the resources. Here are some possible permissions that might be missing: Microsoft.Resources/subscriptions/resourceGroups/read Microsoft.Resources/subscriptions/resources/read Microsoft.Security/assessments/read Microsoft.Security/tasks/read Microsoft.Security/secureScores/read You can check the Azure AD App Registration's API permissions by going to the "API permissions" tab and verifying that the necessary permissions are listed. If not, you can add them by clicking "Add a permission" and searching for the required permissions.
    • Handle pagination: The Azure Management API uses pagination to limit the number of results returned in a single response. By default, the API returns a maximum of 100 results per page. To retrieve all data, you need to handle pagination correctly. When calling the API, check the response headers for the Link header, which contains a URL to the next page of results. You can then use this URL to retrieve the next page of data.

    For example, in the response headers, you might see:

     

    Link: <https://management.azure.com/subscriptions/{subscriptionId}/resources?api-version=2021-04-01&$skiptoken={skiptoken}>; rel="next"
    

    Use the URL in the Link header to retrieve the next page of results. Continue this process until there are no more pages to retrieve.

    • Check subscription scope: Since you're trying to retrieve data from multiple subscriptions under the same tenant, ensure that your service principal has the necessary permissions at the tenant level. Assign the required permissions to your service principal at the tenant level, and then use the https://management.azure.com/ endpoint to retrieve data from all subscriptions.
    • Verify token scope: When obtaining the access token, ensure that the token scope includes the necessary permissions for each dataset. You can do this by specifying the scope parameter when requesting the access token. For example, to retrieve resources, you might specify the scope as https://management.azure.com/.default.
    • Use the correct API version: Ensure that you're using the correct API version for each dataset. The API version you're using (2021-04-01) might not be the latest or the one that supports the features you need. Check the Azure Management API documentation for each dataset to determine the recommended API version.  
    • It seems like the issue is that you are unable to add the required permissions. The permissions you mentioned are not available in the Azure AD app registration's API permissions. This means that you need to add them manually.

    By following these steps, you should be able to retrieve all data from the Azure Management API for each dataset.

     

    Please let us know if you have any further queries. I’m happy to assist you further. 

     

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.