With ServiceNow's Azure Cloud Discovery, one can better keep track of an Azure environment and its subscriptions. But this is primarily a manual effort, since a discovery schedule has to be created for each subscription. Some organizations have many Azure subscriptions, which can be challenging to keep up with. Instead of creating these schedules manually, I have designed a solution that automatically discovers new Azure subscriptions and creates discovery schedules for them once found.
The first item to set up is a scheduled job that emulates the Discover Subscriptions UI action found on Azure Service Principal records. This scheduled job would bring in new subscriptions daily if any were created within the Azure account. We can use a flag on the service principal record to avoid discovering new subscriptions on every Azure account. Here is a look at the Discover Subscriptions UI action script, which we can emulate in the scheduled job.
The next piece of the puzzle is to trigger the creation of cloud discovery schedules for each new subscription. One option is to trigger it with a business rule on the Cloud Service Account table, where subscriptions are saved. Within the business rule script, we must emulate what the Cloud Discovery wizard creates. With some research, I found that this wizard houses its helper functions in the CloudDiscoveryScheduleConfig script include. We can use this script include to generate cloud discovery schedules properly. We must use this out-of-the-box (OOB) script include; otherwise we would see errors when executing the cloud discoveries.
The screenshot above shows the steps the Cloud Discovery wizard takes you through. Which data centers to select, whether to discover virtual machines, and how to time the schedules are all things we need to consider when generating our cloud discovery schedule. Customizations like these can be catered for when writing our script.
Once everything is set up, the end result will be an organized, always up-to-date Azure CMDB. We will only need to monitor for new subscriptions and schedules, as the automation removes most of the manual work. This automated solution will help organizations confidently know that their Azure data is current and fresh.