Microsoft Azure resource inventory discovery

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Microsoft Azure resource inventory discovery

    The ServiceNow Discovery application leverages the Azure Resource Inventory (LP) pattern to identify Azure resources that lack dedicated discovery patterns. This enables customers to discover up to 10,000 Azure resources efficiently. To use this capability, customers may need to update to the latest Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Show full answer Show less

    Prerequisites

    • Azure service principal: Ensure the service principal is properly configured for authentication.
    • Privileges: For versions 1.3.0 and later, assign a user the API Management Service Reader role with permission to execute a specific REST POST request on the Azure management endpoint. For earlier versions, provide a user with the same role and permission for a REST GET request on the subscription resources URL.

    Configuring Discovery

    • Create a Cloud Discovery schedule: Set up a schedule for your Azure service account to run the discovery process according to standard ServiceNow cloud discovery scheduling procedures.
    • Fine-tune discovery using the Resource Inclusion List: To avoid duplicate discoveries where custom Azure discovery patterns exist, configure the Cloud Inventory Resource Inclusion List table. This involves removing resource types handled by custom patterns and optionally adding new resource types as needed.

    Important: Modifying the out-of-the-box inclusion list means you must maintain it manually since it will no longer update automatically with application updates.

    Data Collection and CMDB Integration

    Discovery collects key data about Azure resources including:

    • Cloud Resource [cmdbcicmpresource]: Name, resource type, Object ID, and descriptive information.
    • Key Value [cmdbkeyvalue]: Azure tag keys and values associated with resources.

    The discovery process also establishes relationships such as Hosted on between Azure cloud resources and Azure datacenters, enabling accurate configuration management within the CMDB.

    Application Scope

    All configuration and customization for the Azure Resource Inventory pattern should be performed within the Discovery and Service Mapping Patterns application scope to ensure proper behavior and updates.

    Practical Benefits for ServiceNow Customers

    • Enables comprehensive inventory of Azure resources, including those without dedicated patterns, enhancing visibility and management.
    • Supports large-scale discovery (up to 10,000 resources), suitable for enterprise environments.
    • Allows customization to prevent duplicate discoveries and optimize performance.
    • Automates population of CMDB with detailed Azure resource data and relationships, improving configuration accuracy.

    The ServiceNow Discovery application uses the Azure Resource Inventory (LP) pattern to find resources available through Azure that don’t have a dedicated pattern. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    You can discover up to 10 thousand resources using the Azure Resource Inventory (LP) pattern.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    Azure service principal
    Verify the Azure service principal is configured. For more information, see Discovery for Microsoft Azure Cloud
    Privileges
    For versions 1.3.0 and later:

    On the Microsoft Azure Console, provide a user with the API Management Service Reader role with permissions to run the following REST POST request:

    "https://management.<resource url>/providers/microsoft.resourcegraph/resources?api-version=2022-10-01"

    <resource url> – The URL varies based on the Azure account type, like "azure.com" or government site address.

    For versions 1.0.99 and earlier:

    On the Microsoft Azure Console, provide a user with the API Management Service Reader role with permissions to run the following REST GET request:

    "https://management.azure.com/subscriptions/<subscription id>/resources"

    Create a Cloud Discovery schedule
    Create a schedule for the relevant Azure service account as described in Create discovery schedules for cloud resources
    Fine-tune Azure inventory discovery using the Resource Inclusion List
    If your deployment has custom patterns for Azure discovery, ensure that you don’t discover Azure resources twice.
    Note:
    Leaving the [pre_resource_whitelist] table empty causes the Pattern to populate all resources and it might cause performance issues.
    1. Ensure that the application scope is Discovery and Service Mapping Patterns:
      1. Navigate to Settings > Developer.
      2. Select Discovery and Service Mapping Patterns from the Application list.
    2. Navigate to System Definitions > Tables.
    3. Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
    4. Under Related Links, click Show List.
    5. Select resource types for which you have custom patterns, and select Delete from the Actions on selected rows list.
    The Cloud Inventory Resource Inclusion List is predefined with common services. You can expand the inclusion list with additional resource types that you want the pattern to discover. The names of these resource types must conform to the appropriate vendor naming conventions.
    Note:
    When you modify the out-of-the-box inclusion list, it is no longer updated automatically in application updates. You must maintain the customized list on your own.
    1. Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
    2. Click New.
    3. Fill in the form, and then click Submit.
      Field Description
      Cloud Vendor The vendor of the resource type: Azure.
      Resource Type The Azure resource type value.
      Application The application scope: Discovery and Service Mapping Patterns.
    The changes are applied the next time you run the pattern.
    Modify the ServiceNow related entries
    1. Navigate to Related Entries.
    2. Click New.
    3. For the identifier, enter cmdb_ci_cmp_resource.
    4. For the related table, select Key Value [cmdb_key_value].
    5. For the referenced field, select Configuration Item.
    6. For the criterion attributes, add Key and Value.

      You may need to click the lock icon Lock icon to view and change the criterion attributes.


    Related entry form

    Data collected by Discovery during horizontal discovery

    Table and field Additional information
    Cloud Resource [cmdb_ci_cmp_resource]
    Name A descriptive name used to identify the Azure resource.
    Resource type The type of the resource, for example network, load balancer.
    Object ID The ID of the Azure resource.
    Description The text populated during discovery that specifies that this resource is available from Azure.
    Key Value [cmdb_key_value]
    Key The Azure tag key name.
    Value The Azure tag value name.

    CI relationships

    These relationships are created to support Azure resource inventory discovery:
    CI Relationship CI
    Cloud Resource [cmdb_ci_cmp_resource] Hosted on:Hosts

    Azure datacenter [cmdb_ci_azure_datacenter]