Morpheus offers a complete Integration with Microsoft Azure including the following:
Virtual Machine Sync, Create, Delete, Manage, RBAC, Tenant Permissions, Policies
Resource Group Sync, Create, Delete, RBAC, Tenant Permissions
Network Sync, Create, Delete, RBAC, Tenant Permissions
Subnet Sync, Create, Delete, RBAC, Tenant Permissions
Security Group Sync, Create, Delete, Tenant Permissions
Security Group Rule Sync, Create, Delete, Tenant Permissions
ARM Blueprints, Spec Templates, Deployment Logs Sync, Git/GitHub Integration
MSSQL Service Sync, Create, Delete, Manage, RBAC, Tenant Permissions
AKS Sync, Sync, Create, Delete, Manage, RBAC, Tenant Permissions
Backup Create, Delete, Manage, RBAC, Policies
Storage Sync, Create, Delete, Manage, Browse, RBAC, Tenant Permissions, Policies
Private Image Sync & Upload
Azure Marketplace Custom Library Item Support
Remote Console (SSH & RDP)
Availability Set Support
Scale Set Sync, Create, Assign, Manage, Delete
Azure Load Balancer Create, Assign, Manage, Delete, RBAC, Tenant Permissions
Docker (VM) Cluster Sync, Create, Delete, Manage, RBAC, Tenant Permissions
Kubernetes (VM) Cluster Sync, Create, Delete, Manage, RBAC, Tenant Permissions
Service Plan Sync, Tenant Permissions, RBAC
Pricing Sync RBAC, Tenant Permissions, Markup
Costing Sync, Reporting, Invoicing
Reservations Sync, Guidance Recommendations
Azure Stack Support
Tag Bi-Directional Sync, Creation, Deletion Policy Enforcement
Azure US Gov Support
Azure China Support
Azure Germany Support
CSP Account Support
Morpheus Azure Integration requires Owner or Contributor access to subscription via App Registration. Adding an Azure Cloud or Clouds to Morpheus will require the following:
Azure Subscription ID
Directory (tenant) ID
Application (client) ID
Application (client) Secret
Application (client) must be Owner or Contributor of Subscription
CSP Accounts require the additional following input:
CSP Directory (tenant) ID
CSP Application (client) ID
CSP Application (client) SECRET (Web App Key)
The Morpheus appliance requires outbound HTTPS (443) access to the Azure endpoints. Depending on the type of cloud you choose when adding Azure, ensure the proper endpoints are allowed:
- Global Azure Cloud
- US Gov Cloud
- Germany Cloud
- China Cloud
Credentials & Permissions¶
Morpheus authenticates with Azure via an App Registration with an Owner or Contributor Role on a Subscription. Use the steps below to create and collect the required credentials and assign the required permissions to integrate Azure with Morpheus.
Using an App Registration (service principal) that has selective resource permissions and is not an Owner or Contributor of the Subscription is not supported and will cause failures/issues. Please confirm the App Registration you use to integrate Azure with Morpheus has Owner or Contributor permissions on the specified Subscription before contacting support.
Create an App Registration¶
If you do not have an existing Azure Active Directory App Registration, or you wish to use an new one for Morpheus, you will need to create one.
Log into the Azure web console
Select “App Registrations”, you may have to go to the “All Services” page to find it
Click “+ New registration”
Next, give app a name, specify which accounts may access this API, specify Web for the Redirect URI type and enter any url for the Sign-on URL:
Click Register and your new App Registration will be created.
Now that we have (or already had) our App Registration, we will gather the credentials required for the Morpheus Azure integration.
Copy Directory (tenant) and Application (client) IDs¶
The App Registration Directory (tenant) and Application (client) ID are required for the Morpheus Azure integration. Both can be found in the overview section of the App Registration.
Generate a Client Secret¶
While still in your App Registration:
Select Certificates & secrets in the Manage Section
+ New client secret
The “Add a client secret” modal will come up
Add a description to help identify the secret in the future
Select a duration
Copy the newly generated Client Secret Value. It is important to copy the Client Secret Value now as it will not be displayed/available
Copy the key value before continuing as it will not be displayed/available again.
Store/Paste for use as the Client Secret when Adding your Azure cloud in Morpheus
You now have 3 of the 4 credentials required for Morpheus Azure cloud integration. The last credential required is the Azure Subscription ID.
To get the Azure Subscription ID:
Make App Registration owner or contributor of Subscription¶
The App Registration created/used needs to be an owner of the Azure Subscription used for the Morpheus cloud integration. If lesser permissions are given or permissions are assigned at individual resource levels, Morpheus will not be able to properly inventory/sync, create and/or remove resources.
In the main Subscriptions section, click on the name of the Subscription
With the Subscription detail open, select “Access Control (IAM)”
Click “+ ADD” and then click “Add role assignment” from the pop-out menu
Click on the tab for “Privileged administrator roles”
Select Owner or Contributor and click “Next”
Add Members to the Role Assignment by clicking “+ Select members”
Select the App Registration from the search results and click Select
Click “Review + Assign”
Add an Azure Cloud Integration¶
To add a new Azure Cloud integration into Morpheus using the credentials created/collected from the previous section, perform the following:
In Morpheus, navigate to
Infrastructure > Cloudsand select + ADD
Select “AZURE (PUBLIC)” from the Cloud Types list and click NEXT
Populate the Following
Name of the Cloud in Morpheus
Unique code used for api/cli, automation and policies.
Description field for adding notes on the cloud, such as location.
For setting cloud permissions in a multi-tenant environment. Not applicable in single tenant environments.
If Visibility is set to Private, select the Tenant the Cloud resources will assigned to.
When disabled, automatic Cloud sync is paused and the Cloud will not be selectable for provisioning.
- AUTOMATICALLY POWER ON VMS
When enabled, Morpheus will maintain the expected power state of managed VMs. Morpheus will power on any managed VMs in the Cloud that have been shut down for unknown reasons (not powered off by Morpheus) to ensure availability of services.
When “AUTOMATICALLY POWER ON VMS” is enabled, the power state of managed VMs should be maintained in Morpheus. This setting is not applicable to discovered/unmanaged resources.
- CLOUD TYPE
Standard (Azure Cloud)
US Gov (Azure US Government)
German (Azure German Cloud)
China (Azure China Cloud)
- SUBSCRIPTION ID
The target Azure Subscription ID obtained from the previous section
- TENANT ID
The Directory (tenant) ID obtained from the previous section
- CLIENT ID
The Application (client) ID obtained from the previous section
- CLIENT SECRET
The Application (client) Secret obtained from the previous section
Once valid credentials are populate above and Morpheus is able to successfully authenticate with Azure, the available locations/regions will populate.
- RESOURCE GROUP
Select “All” to scope the Cloud to all available Resource Groups in the specified location/region.
Select a single Resource Group to limit Morpheus resource creation, selection and discovery to just this Resource Group.
- INVENTORY EXISTING INSTANCES
Check to enable discovery/inventory of existing VM’s in the scoped Region and Resource Group(s)
- INVENTORY LEVEL
Morpheus will sync information on all resources in the selected Resource Group(s), including Name, IP Addresses, Platform Type, Power Status, and overall resources sizing for Storage, CPU and RAM, every 5 minutes. Inventoried VM’s will appear as Unmanaged VM’s.
- Full (API Heavy)
In addition to the information synced from Basic Inventory level, Morpheus will gather Resource Utilization metrics for Memory, Storage and CPU utilization per VM when available.
Existing VM’s will not be inventoried
- ACCOUNT TYPE
Standard, EA or CSP
For CSP Accounts, also enter CSP TENANT ID, CSP CLIENT ID and CSP CLIENT SECRET in the Advanced Options section. In order to enable cost sync for CSP accounts, the “CSP CUSTOMER” checkbox must be marked and “COSTING” should be set to “Costing” rather than “Costing and Reservations”.
For the CSP Client Secret, enter the Web App Key rather than the Native App Key. This should be accessed from the Microsoft Partner Center rather than the Azure web console. If this is not, Plans may sync but Price Sets and Prices would not.
Specify a default domain for instances provisioned to this Cloud.
- SCALE PRIORITY
Only affects Docker Provisioning. Specifies the priority with which an instance will scale into the cloud. A lower priority number means this cloud integration will take scale precedence over other cloud integrations in the group.
- APPLIANCE URL
Alternate Appliance url for scenarios when the default Appliance URL (configured in admin > settings) is not reachable or resolvable for Instances provisioned in this cloud. The Appliance URL is used for Agent install and reporting.
- TIME ZONE
Configures the time zone on provisioned VM’s if necessary.
- DATACENTER ID
Used for differentiating pricing among multiple datacenters. Leave blank unless prices are properly configured.
- NETWORK MODE
Unmanaged or select a Network Integration (NSX, ACI etc)
- LOCAL FIREWALL
On or Off. Enable to managed Host and VM firewall/IP Table rules (linux only)
- SECURITY SERVER
Security Server setting is for Security Service Integrations such as ACI
- TRUST PROVIDER
Select Internal (Morpheus) or an existing Trust Provider Integration
- STORAGE MODE
Single Disk, LVM or Clustered
- BACKUP PROVIDER
Select a backup provider. Depending on the Cloud type and any currently-configured backup plugins you may select Internal Backups (Morpheus) or another configured backup solution
- REPLICATION PROVIDER
Sets the default Replication Provider for the Cloud. Select an existing Replication Provider Integration
Enable Guidance recommendations on cloud resources.
Enable for Morpheus to sync Costing data from the Cloud provider, when available. For on-prem Clouds, enabling costing activates a costing service designed to mirror the live costing experience of public clouds, including invoicing with line items and real-time cost data (Operations > Costing > Invoices). If your organization utilizes reserved instances and you want to pull in related pricing data, some Cloud integrations include the option to select Costing and Reservations. If this is not relevant, select Costing to save money on additional calls to the Cloud provider’s costing API.
- DNS INTEGRATION
Records for instances provisioned in this cloud will be added to selected DNS integration.
- SERVICE REGISTRY
Services for instances provisioned in this cloud will be added to selected Service Registry integration.
- CONFIG MANAGEMENT
Select a Chef, Salt, Ansible or Puppet integration to be used with this Cloud.
Select CMDB Integration to automatically update selected CMDB.
- CMDB DISCOVERY
When checked, any automatically discovered (unmanaged) servers onboarded into Morpheus from this Cloud will also have CMDB records created for them.
- CHANGE MANAGEMENT
Select an existing Change Management Integration to set on the Cloud. ex: Cherwell
- AGENT INSTALL MODE
SSH / WINRM: Morpheus will use SSH or WINRM for Agent install.
Cloud Init / Unattend (when available): (DEFAULT) Morpheus will utilize Cloud-Init or Cloudbase-Init for agent install when provisioning images with Cloud-Init/Cloudbase-Init installed. Morpheus will fall back on SSH or WINRM if cloud-init is not installed on the provisioned image. Morpheus will also add Agent installation to Windows unattend.xml data when performing Guest Customizations or utilizing syspreped images.
- API PROXY
Set a proxy for outbound communication from the Morpheus Appliance to the Cloud endpoints. Proxies can be added in the Infrastructure > Networks > Proxies tab.
- INSTALL AGENT
Enable to have Agent Installation on by default for all provisioning into this Cloud. Disable for Agent Installation to be off by default for all provisioning into this Cloud.
Set a proxy for inbound communication from Instances to the Morpheus Appliance. Proxies can be added in the Infrastructure > Networks > Proxies tab.
- Bypass Proxy for Appliance URL
Enable to bypass proxy settings (if added) for Morpheus Agent communication to the Appliance URL.
- NO PROXY
Include a list of IP addresses or name servers to exclude from proxy traversal
- USER DATA (LINUX)
Add cloud-init user data. Morpheus 4.1.0 and earlier assumes bash syntax. Morpheus 4.1.1 and later supports all User Data formats. Refer to https://cloudinit.readthedocs.io/en/latest/topics/format.html for more information.
- AZURE COSTING MODE
Standard, CSP, or Azure Plan
Example configurations but choose what is applicable to the tenant:
Azure Costing Mode
Standard (Pay as you go)
EA (Enterprise Agreement)
CSP (Cloud Solution Provider)
CSP Tenant, ID, Client ID, and Client Secret required
CSP (Cloud Solution Provider)
Azure Plan (Microsoft Customer Agreement)
CSP Tenant, ID, Client ID, and Client Secret required on the primary cloud
Once done configuring the Cloud, select NEXT. NOTE all specified values except the Subscription ID can be changes after the Cloud is created.
Next select an existing Group to add the Azure Cloud to, or create a new Group, then select NEXT
Review the configuration and then select COMPLETE
Your new Azure Cloud integration will be created and begin to sync.
The initial sync of an Azure Cloud can take some time due to Marketplace data sync.