Skip to main content

How to Enable Azure Cost Visibility

Purpose: Grant the Cost Management Reader role so the team can view subscription costs via API and CLI.

Background: Azure cost queries return SubscriptionCostDisabled because the current identity lacks the Cost Management Reader role. This blocks /finops:azure-monthly and all Azure cost reporting commands.

  1. Sign in to portal.azure.com with Owner or User Access Administrator role
  2. Search Subscriptions in the top bar, select the target subscription
  3. Click Access control (IAM) in the left menu
  4. Click + Add > Add role assignment
  5. Role tab: Search "Cost Management Reader" and select it
  6. Members tab: Click + Select members, find the user or service principal
  7. Click Review + assign

Method 2: Azure CLI

Run from a terminal with Owner-level access:

Step 1 — Find subscription:

az account list -o table

Step 2 — Get user object ID:

az ad user show --id "[email protected]" --query id -o tsv

Step 3 — Assign role:

az role assignment create \
  --assignee <OBJECT_ID> \
  --role "Cost Management Reader" \
  --scope "/subscriptions/<SUBSCRIPTION_ID>"

Step 4 — Verify:

az role assignment list \
  --assignee <OBJECT_ID> \
  --query "[?roleDefinitionName=='Cost Management Reader']" \
  -o table

Multiple Subscriptions

List all subscriptions with az account list --query "[].id" -o tsv, then assign the role on each subscription scope.

Validation

After assigning the role, verify cost data is accessible:

az rest --method post \
  --url "https://management.azure.com/subscriptions/$AZURE_SUBSCRIPTION_ID/providers/Microsoft.CostManagement/query?api-version=2023-11-01" \
  --body '{"type":"ActualCost","timeframe":"MonthToDate","dataset":{"granularity":"None","aggregation":{"totalCost":{"name":"Cost","function":"Sum"}}}}'

Expected: JSON response with properties.rows containing cost data.

If SubscriptionCostDisabled persists, wait 5 minutes for role propagation and retry.

Troubleshooting

ProblemSolution
SubscriptionCostDisabled after assignmentWait 5 minutes for propagation, retry
AuthorizationFailed on role assignmentYou need Owner or User Access Administrator role on the subscription
Cost shows $0 for some subscriptionsEA (Enterprise Agreement) billing data may only be visible through the EA portal CSV download
Multiple tenantsLogin to the correct tenant first: az login --tenant $AZURE_TENANT_ID
  • /finops:azure-monthly — Monthly Azure cost report (requires this role)
  • /finops:azure-anomaly-detect — Azure spending anomaly detection
  • /finops:azure-rightsizing — Over-provisioned resource identification
  • /finops:azure-validate — Cross-validate Azure MCP vs CLI data

Owner: Cloud Platform Team | Timeline: Complete by 18 April 2026