You want to scan your Azure services and set up your scanning target following the Lansweeper guidelines.
You hit the Scan now button, craving to see all the information of your Azure instances and services flowing in, but instead, you get a disappointing: No valid or working credentials found for tenant Id '
What happened?
Scanning Microsoft Cloud services requires creating a Microsoft Cloud Services credential account. This account (aka: Registered App) needs a specific set of attributes to scan your Azure instance:
- Application (client) ID
- Directory (tenant) ID
- A client secret or a certificate thumbprint
- API Permissions on the Azure instance
If any of these are incorrect or insufficient, you will likely end up with the following error message: No valid or working credentials found for tenant Id '.
Now what?
This can be tricky to troubleshoot. However, examining the Azure Sign-in logs might shed some light on the issue.
Whenever the account is used to access Azure resources, a log entry is kept in Azure (> Azure Active Directory > Monitoring > Sign-in logs: Service principal sign-in), that shows:
- the time the connection attempt was made (Date)
- the Microsoft Cloud Services credential that was used (Service principal name)
- whether the attempt was successful or not (Status)
- the public IP address the attempt was made from (IP address)
Multiple attempts from the same account are grouped and can be opened by clicking the > sign.
If you are experiencing problems with scanning Azure resources, check the Azure Sign-in logs for details on the login attempt Lansweeper is trying to make.