A: Generally speaking, the list of prerequisites for setting up CloudMonix is quiet short. However, because of possible certain complexities in various Azure environments, things can get slightly nuanced when firewalls are involved.
Before authorizing CloudMonix to your Azure AD/subscription, please review CloudMonix security policies: https://support.cloudmonix.com/support/solutions/articles/5000562406-security
The most popular scenario: setting up monitoring of resources through Azure Resource Manager (ARM) authorization requires either a Limited Administrator with Service Administration privilege or a Global Administrator account in the Azure Active directory. This account must be an owner in the target Azure subscription. More information about ARM authorization is here: https://support.cloudmonix.com/support/solutions/articles/5000557846
IMPORTANT: Once Setup Wizard completes successfully, the user whose credentials were used to authorize CloudMonix against an Azure subscription can be deleted or downgraded. Successful Setup Wizard stage of CloudMonix creates a CloudMonix principal in the target Azure Active Directory. Further runs of Setup Wizard can be done utilizing Previously Authorized Azure Token option, even if original user that was used to authorize CloudMonix in Azure AD/subscription, was removed.
In case CloudMonix needs to monitor Azure Classic resources, the management certificate authorization is required. The installing user should be a co-admin in the target Azure subscription or have access to publish-settings file available from the Management Certificates section of the Subscription blade of the Azure portal. More information about Classic authorization is here: https://support.cloudmonix.com/support/solutions/articles/5000557846
Inbound firewalls for database-based resources
Certain Azure resources may have an inbound firewall that prevents CloudMonix from monitoring these resources directly. These resources are typically database resources running either in Azure PaaS stack or on Azure VMs. ie: Sql Azure database, Sql Warehouse, Sql ElasticPool, Sql Database on a VM, etc. In such cases, inbound firewall must have open to CloudMonix's static IP addresses. More information about static IPs is here: https://support.cloudmonix.com/support/solutions/articles/5000598221
Outbound firewalls for installed agents
Certain VMs may have custom outbound firewalls installed on them that prevent them from communicating out to CloudMonix API storage and services. In such cases, VM firewalls need to be configured to allow of communication from CloudMonix agents to CloudMonix APIs. More information about this is here: https://support.cloudmonix.com/support/solutions/articles/5000598221
If installation of CloudMonix agents is required on VMs, then RDP and local administrative privileges are required to access servers and install the agent on them.