Prerequisites for Azure Assessment

  • Updated on Mar 30, 2026
  • Published on Feb 27, 2026
  • 1 minute(s) read
Prev Next

Before initiating the assessment, ensure the following requirements are met.

  • IAM Role and Privileges

    The user initiating the assessment must have the permissions specified in the Permission Modes or If using a built-in role, they must have at least Contributor-level access to the subscription within the scope of the assessment.

  • Creating an App Registration[Client Credentials method]

    For client credentials authentication method, to create an App Registration, ensure that you have one of the following roles in Microsoft Entra ID (formerly Azure Active Directory):

    • Application Administrator, or

    • Application Developer

    These roles are required to register an application and generate credentials (Client ID and Client Secret) used for authentication.

  • Additional Pre-Requisites for Desktop App-based Assessment

    1. System Support and Downloads

      The Desktop App-based Assessments, is supported only from hosts with below OS:

      • Windows: Windows 10 and above

      • Linux: Ubuntu 20.04 and above

    2. Network Whitelisting and Firewall

      For Desktop App-based Assessments, ensure the host where the assessment app runs can access the following Lucidity URLs:

      dash-back.lucidity.dev
web.lucidity.dev
web-azurepls.lucidity.dev
analytics.lucidity.dev
audittool.s3.ap-south-1.amazonaws.com
d2vcv9qjomnl0x.cloudfront.net
audittool.lucidity.dev
*.lucidity.dev

      Note

      • If access to *.lucidity.dev is allowed, there is no need to whitelist individual subdomains.

      • Additionally, users must allow executable downloads from: https://audittool.lucidity.dev/*

    3. Network Whitelisting to Microsoft and Azure Endpoints

      Lucidity relies on Azure APIs to fetch Disk Utilization Metadata and generating Cost Savings report thus users must allow outbound access from the Desktop App-based Assessment host where the assessment runs to:

      login.microsoftonline.com/common/oauth2/v2.0/token
login.microsoftonline.com/*
management.azure.com/*
management.azure.com/subscriptions/*
api.loganalytics.io/v1/workspaces/*
*.ods.opinsights.azure.com
*.oms.opinsights.azure.com
api.monitor.azure.com/*
graph.microsoft.com/*

      Next: Get Started with Lucidity Assessment for Azure

Related articles