Azure FinOps Audit — Full Integration

No installation on client premises. Everything runs from the website. Clients only grant permissions.

Architecture

User Browser → Website (run.html) → Backend API → Azure OAuth → Real Audit
                     ↓
              Connect to Azure (OAuth)
                     ↓
              Enter passphrase
                     ↓
              Run Audit (token-based discovery)
                     ↓
              Download encrypted report

Quick Start

1. Azure AD App (one-time)

Azure Portal → Microsoft Entra ID → App registrations → New
Redirect URI: Web → http://localhost:8000/api/auth/callback
Certificates & secrets → New client secret
API permissions → Add → Azure Service Management → user_impersonation (delegated)

2. Run Backend

cd Azure_Finance_Auditor

export AZURE_CLIENT_ID=<your-app-id>
export AZURE_CLIENT_SECRET=<your-secret>
export AZURE_TENANT_ID=<your-tenant>
export REDIRECT_URI=http://localhost:8000/api/auth/callback

pip install -r backend/requirements.txt -r azure_finops_audit/requirements.txt
uvicorn backend.main:app --host 0.0.0.0 --port 8000

3. Open http://localhost:8000

Click Run Audit Now
Click Connect to Azure → sign in with Microsoft
Enter passphrase, click Run Audit
Wait for completion, download encrypted report

What Runs

Discovery: Azure REST API with user's token (Reader + Cost Management Reader)
Analysis: Optimization, forecast, ARM templates
Output: AES-256 encrypted, only passphrase holder can decrypt

Deploy to Production

Backend: Azure App Service (Python) or Container Apps
Website: Azure Static Web Apps (or served by backend)
Set env vars, update REDIRECT_URI to production URL

azure_finance_audit

README

Azure FinOps Audit — Full Integration

Architecture

Quick Start

1. Azure AD App (one-time)

2. Run Backend

3. Open http://localhost:8000

What Runs

Deploy to Production