1. Install the Azure CLI (Linux shown below) using the NodeJS install:
curl -sL https://deb.nodesource.com/setup_7.x | sudo -E bash -
sudo apt-get install -y nodejs
sudo npm install -g azure-cli
NOTE: Piping a downloaded script straight into a root shell runs whatever the server sends. If your policy does not allow that, download setup_7.x first, review it, then run it. This Node-based "azure" CLI (Azure CLI 1.0) has since been retired by Microsoft in favor of the Python-based "az" CLI; the commands below are for the older "azure" tool.
2. Login with azure cli:
azure login -u some_user@youraccount.com
Output
info: Executing command login
Password: *************
info: Added subscription <Subscription Name>
info: Setting subscription "<Subscription Name>" as default
info: login command OK
NOTE: You can also do this without "-u"; the CLI will then open a web browser for the login, if one is available.
3. Get the Subscription ID and Tenant ID:
azure account show
Output
info: Executing command account show
data: Name : <Subscription Name>
data: ID : 00aaa000-00aa-0a00-0000-0a0000a0aa00
data: State : Enabled
data: Tenant ID : 0b00b0b0-0000-0000-00b0-bbb0b0b000bb
data: Is Default : true
data: Environment : AzureCloud
data: Has Certificate : No
data: Has Access Token : Yes
data: User name : some_user@youraccount.com
data:
info: account show command OK
Here you have the first two pieces of information:
- Subscription ID (in this case, 00aaa000-00aa-0a00-0000-0a0000a0aa00)
- Tenant ID (in this case, 0b00b0b0-0000-0000-00b0-bbb0b0b000bb)
Note: If you wish to use a subscription other than the default then use the following command:
azure account show -s <Other Subscription Name>
And use the ID and Tenant ID number from that output.
4. Get the Client ID/Application ID and the Key:
For this step you will need to create an application within your subscription. From the command line this can be done by typing:
azure ad app create -n "<Application Name>" -m "<Application Home Page URL>" -i "<Application Identifier URL>" -p "<Password>"
In this example, I used the following values:
- Application Name: "PMC Azure Dev"
- Application Home Page URL: "https://console.parkmycloud.com"
- Application Identifier URL: "https://PMC-Azure-Dev-not-used"
- Password: "parkmycloud!" (a placeholder for this walkthrough only; this value becomes the application's client secret, so generate a long random one, for example with "openssl rand -base64 32", and never reuse a real password here)
Output
info: Executing command ad app create
info: Creating application PMC Azure Dev
data: AppId: 000kkk0-00kk-0000-k00k-00kk0000000k
data: ObjectId: 00mm00m0-0000-0m00-mmm0-m000mm000mmm
data: DisplayName: PMC Azure Dev
data: IdentifierUris: 0=https://PMC-Azure-Dev-not-used
data: ReplyUrls:
data: AvailableToOtherTenants: False
data: HomePage: https://console.parkmycloud.com
info: ad app create command OK
Here you will need to copy the AppId (in this case, 000kkk0-00kk-0000-k00k-00kk0000000k).
Your App Access Key is simply the password you just entered (in this case, parkmycloud!). Treat it as a secret: together with the Tenant ID and AppId it is all that is needed to obtain tokens as this application, so store it in a secrets manager rather than in notes or chat, and rotate it if it is ever exposed.
At this point you have everything you need for ParkMyCloud. However, there are a few more steps you need to complete the configuration on the Azure side.
5. Create a Service Principal for the Application:
azure ad sp create -a <Enter the App ID from above here>
Output
info: Executing command ad sp create
+ Creating service principal for application 00ppp000-00pp-0p00-0000-0p0000p0pp00
data: Object Id: cc00c00c-cc00-0c00-cc0c-000cc00c0000c
data: Display Name: PMC Azure Dev
data: Service Principal Names:
data: e0e00e00-0000-0ee0-0e0e-0eeee00e0000
data: https://PMC-Azure-Dev-not-used
info: ad sp create command OK
- Copy the Service Principal Object ID from the response for the next step.
6. Create a Custom Role with Limited Permissions:
- Get the example role from the ParkMyCloud console Add Credential page, and paste it into a file (we called it PMCAzureExampleRole.json). It may look a little different from what's below, but you get the idea. (The latest permissions example will always be found in the ParkMyCloud console).
- We suggest giving the role the same name as the application.
- Referencing the application name in the description is also helpful.
- Enter the subscription ID from step 3 as well:
{
"Name": "PMC Azure Dev",
"Description": "PMC Azure Dev Role",
"IsCustom": "true",
"Actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachineScaleSets/read",
"Microsoft.Compute/virtualMachineScaleSets/write",
"Microsoft.Compute/virtualMachineScaleSets/start/action",
"Microsoft.Compute/virtualMachineScaleSets/deallocate/action",
"Microsoft.Compute/virtualMachineScaleSets/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"NotActions": [],
"AssignableScopes": [
"/subscriptions/<Your_subscription_ID_here>"
]
}
- Note that "Microsoft.Compute/virtualMachineScaleSets/write" is broader than the start/deallocate actions: it lets the holder update the scale set definition itself (the same permission used to change its capacity or configuration), not just start and stop it. If the latest example in the ParkMyCloud console does not require it, leave it out.
- Then execute the following command:
azure role create --inputfile PMCAzureExampleRole.json
Output
info: Executing command role create
info: Validating role definition
+ Creating role definition "00hh0h00-00hh0-000h-h0h0-0h0h0h000hh"
info: Created role definition 00ff0f00-00ff0-000f-f0f0-0f0f0f000ff
data: Name : PMC Azure Dev
data: Id : 00gg0g00-00gg0-000g-g0g0-0g0g0g000gg
data: Description : PMC Azure Dev Role
data: AssignableScopes : 0=/subscriptions/00aaa000-00aa-0a00-0000-0a0000a0aa00
data: Actions : 0=Microsoft.Compute/virtualMachines/read, 1=Microsoft.Compute/virtualMachines/*/read, 2=Microsoft.Compute/virtualMachines/start/action, 3=Microsoft.Compute/virtualMachines/deallocate/action, 4=Microsoft.Compute/virtualMachineScaleSets/read, 5=Microsoft.Compute/virtualMachineScaleSets/write, 6=Microsoft.Compute/virtualMachineScaleSets/start/action, 7=Microsoft.Compute/virtualMachineScaleSets/deallocate/action, 8=Microsoft.Compute/virtualMachineScaleSets/*/read, 9=Microsoft.Resources/subscriptions/resourceGroups/read
data: NotActions :
data: IsCustom : true
data:
info: role create command OK
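Before running the role create command it is worth linting the role file for the least-privilege properties the step above relies on: valid JSON (a missing comma between Actions is the classic mistake), IsCustom set, empty NotActions, a single real subscription in AssignableScopes with the placeholder actually filled in, and no Action beyond read/start/deallocate. The script below is an added example written for this page; it is not ParkMyCloud or Microsoft code. Python is used because the check is JSON parsing, which is awkward in the shell the other steps use. The allowlist of action suffixes, the file name in the usage line, and the two embedded sample role documents are constructed assumptions for illustration.

```python
"""Lint an Azure custom-role definition before 'azure role create --inputfile'.

Added example for this page (not ParkMyCloud or Microsoft code). It checks
the role for the least-privilege properties the steps above rely on:
  * the JSON parses (a missing comma between Actions is the classic mistake),
  * IsCustom is true and NotActions is empty,
  * AssignableScopes is exactly one real subscription (placeholder filled in,
    no tenant-wide "/" scope),
  * every Action is a read, start or deallocate action; anything else
    (write, delete, blanket wildcards) is reported for a deliberate decision.
"""
import json
import re
import sys

GUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)
SUBSCRIPTION_SCOPE_RE = re.compile(r"^/subscriptions/([^/]+)$")

# Assumed allowlist: what a stop/start scheduler needs, derived from the
# example role on this page. Adjust if your provider's current list differs.
ALLOWED_ACTION_SUFFIXES = ("/read", "/start/action", "/deallocate/action")


def lint_role(role):
    """Return a list of findings for a parsed role dict; [] means it passes."""
    findings = []
    if str(role.get("IsCustom", "")).lower() != "true":
        findings.append("IsCustom must be true")
    if role.get("NotActions"):
        findings.append("NotActions should be empty; grant only the Actions needed")

    scopes = role.get("AssignableScopes") or []
    if not scopes:
        findings.append("AssignableScopes is empty")
    for scope in scopes:
        m = SUBSCRIPTION_SCOPE_RE.match(scope)
        if m is None:
            findings.append(f"scope {scope!r} is not a single subscription")
        elif not GUID_RE.match(m.group(1)):
            findings.append(f"scope {scope!r}: subscription ID placeholder not filled in")

    for action in role.get("Actions") or []:
        if action == "*" or action.endswith("/*"):
            findings.append(f"action {action!r} is a blanket wildcard")
        elif not action.endswith(ALLOWED_ACTION_SUFFIXES):
            findings.append(f"action {action!r} goes beyond read/start/deallocate")
    return findings


def lint_text(text):
    """Lint a role definition given as JSON text; reports parse errors too."""
    try:
        role = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON (missing comma between actions?): {exc}"]
    return lint_role(role)


# Constructed sample 1: the page's example role as pasted from the console,
# before the subscription placeholder is filled in.
PAGE_ROLE_JSON = """{
  "Name": "PMC Azure Dev",
  "Description": "PMC Azure Dev Role",
  "IsCustom": "true",
  "Actions": [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/*/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/virtualMachineScaleSets/read",
    "Microsoft.Compute/virtualMachineScaleSets/write",
    "Microsoft.Compute/virtualMachineScaleSets/start/action",
    "Microsoft.Compute/virtualMachineScaleSets/deallocate/action",
    "Microsoft.Compute/virtualMachineScaleSets/*/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/<Your_subscription_ID_here>"]
}"""

# Constructed sample 2: same role with the subscription ID from step 3 filled
# in and the broad scale-set write action dropped.
HARDENED_ROLE = {
    "Name": "PMC Azure Dev",
    "Description": "PMC Azure Dev Role",
    "IsCustom": "true",
    "Actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/*/read",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/deallocate/action",
        "Microsoft.Compute/virtualMachineScaleSets/read",
        "Microsoft.Compute/virtualMachineScaleSets/start/action",
        "Microsoft.Compute/virtualMachineScaleSets/deallocate/action",
        "Microsoft.Compute/virtualMachineScaleSets/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
    ],
    "NotActions": [],
    "AssignableScopes": ["/subscriptions/00aaa000-00aa-0a00-0000-0a0000a0aa00"],
}

if __name__ == "__main__":
    # Usage: python lint_role.py PMCAzureExampleRole.json (assumed file name);
    # with no argument the embedded page sample is linted instead.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else PAGE_ROLE_JSON
    for finding in lint_text(source) or ["OK: role passes least-privilege checks"]:
        print(finding)
```

Run it against the file you intend to pass to "azure role create --inputfile"; on the page's example it reports the unfilled subscription placeholder and the scale-set write action, and it reports nothing once the subscription ID is filled in and the write action is removed. Only the read/start/deallocate actions are accepted silently, so any future change to the role file that grants more will show up here before it reaches Azure.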
7. Assign the Custom Role to Service Principal:
azure role assignment create --objectId <Service Principal Object Id> --roleId "<Role Id>" --scope /subscriptions/<Subscription ID>
Where:
- Service Principal Object Id is from Step 5
- Role Id is from Step 6 and
- Subscription ID is from Step 3
Output
+ Finding role with specified name
data: RoleAssignmentId : /subscriptions/00aaa000-00aa-0a00-0000-0a0000a0aa00/providers/Microsoft.Authorization/roleAssignments/4ad11596-5f3b-4373-9e4b-871500916e5a
data: RoleDefinitionName : PMC Azure Dev
data: RoleDefinitionId : 00gg0g00-00gg0-000g-g0g0-0g0g0g000gg
data: Scope : /subscriptions/00aaa000-00aa-0a00-0000-0a0000a0aa00
data: Display Name : PMC Azure Dev
data: SignInName : undefined
data: ObjectId : cc00c00c-cc00-0c00-cc0c-000cc00c0000c
data: ObjectType : ServicePrincipal
data:
info: role assignment create command OK
That completes the application configuration within Azure. Now you only need to fill in the blanks on the credential page, give it a name and select a team to complete the configuration within ParkMyCloud. Before you do, confirm that the service principal holds only this custom role, at subscription scope, and nothing broader such as Contributor; the credential you are about to hand over should be able to do no more than list, start and deallocate.
Troubleshooting:
* List custom roles:
azure role list --custom
* Show the current custom role:
azure role show --name "PMC Azure Dev" --json
* Modify the current custom role:
azure role set --inputfile PMCAzureExampleRole.json
* Remove a role assignment from a Service Principal:
azure role assignment delete --objectId <Service Principal Object ID> --roleId <Role Id>