Overview
The Lucidity Assessment for Azure helps you quickly analyze your cloud storage utilization and uncover optimization opportunities — without requiring any agent installation. The Lucidity Assessment for Azure delivers quick insights on:
How Does it Work
With Azure let us explore step-by-step of the Assessment Tool:
Depending on the Assessment Mode:
Dashboard-based Assessment - Customer Logs into Lucidity Dashboard
Desktop-based Assessment - Customer Downloads the Assessment App to local host such as an Azure VM or laptop, installs and opens app.
In both the modes the user chooses the Cloud Provider they want to assess - Azure in this case.
After choosing the Assessment Mode, the customer chooses the Authentication Method:
Authorization Code(Recommended for Desktop App) - This is the default and most user-friendly authentication method for Desktop App. It enables you to authenticate interactively using your Azure account credentials in the browser.
Device Code(Recommended for Dashboard App)- This option is ideal for Dashboard App users or who do not have direct browser access from the environment where the Lucidity Assessment App is being initiated.
Client Credentials - This option allows you to authenticate using a pre-created Service Principal (App Registration) in Azure Active Directory. It is ideal for non-interactive or automated environments.
Note
This step remains the same for both Assessment modes chosen at step 1.
For more information on Authentication Methods, read the next section.
Once the appropriate Azure User or Service Principal has been created and provided to Assessment App, the following key action takes place:
Depending on Assessment Mode:
Dashboard-based Assessment - Provisions an isolated environment for assessment
Desktop-based Assessment - Downloads latest dependencies
Assessment App authenticates with Azure based on Authentication Method chosen in step 2
Once authenticated, assessment app pings each VM to:
Based on Permission Mode, Lucidity Assessment App configure Azure VM Insights or fetch Disk Utilization using Run Command.
The Metadata is collected and analysed by Lucidity to provide cost savings.(Optional for Desktop App Based Assessment)
The flow diagram below illustrates critical steps in Lucidity Assessment for Azure:
.png?sv=2022-11-02&spr=https&st=2026-04-01T17%3A57%3A07Z&se=2026-04-01T18%3A09%3A07Z&sr=c&sp=r&sig=637NJezWEpfrOGDptamBtVZ0CgUoTGmyqfM%2F%2BCL4cFo%3D)
Authentication Methods
Lucidity provides three authentication methods to accommodate different deployment and access scenarios. Each method defines how the Lucidity Assessment app connects to Azure APIs securely using Microsoft Entra ID (Azure AD).
Feature | Option 1: Authorization Code | Option 2: Device Code | Option 3: Client Credentials |
|---|---|---|---|
Best For | Desktop-based assessments | Dashboard Based Assessment or where interactive login is not available | Enterprises using service principals or automation. |
Availability | Desktop App only | Dashboard App and Desktop App only | Both Desktop and Dashboard App |
Authentication type | OAuth 2.0 — Authorization Code Grant | OAuth 2.0 — Device Code Grant | OAuth 2.0 — Client Credentials Grant |
Setup Effort | Minimal — no app registration needed | Minimal — no app registration needed | Requires Azure App Registration and role assignment. |
How it Works | The user signs in using a standard Azure login screen. Lucidity Assessment App obtains a short-lived access token to read required metadata using the signed-in user's existing “Contributor” permissions | A device code is displayed on the Lucidity Dashboard. The user signs in from another browser/device to approve access. Lucidity then receives a token to collect metrics securely. | User register a Lucidity Assessment app in Azure AD (Microsoft Entra ID) and obtain a Client ID, Tenant ID, and Client Secret. These are entered into the Assessment app, which then authenticates programmatically using this service identity. |
Key Advantage | Quickest setup; leverages existing user roles; no IAM/RBAC changes required. | Works in restricted environments where standard browser login is unavailable. | Non-interactive; fully controlled via Azure AD and custom RBAC roles. |