Features
Cloud Accounts
Microsoft Azure

Connect Microsoft Azure Account

Connect your Azure account to OEC.sh using secure OAuth authentication.

What You'll Get

After connecting your Azure account, OEC.sh can:

CapabilityWhat It Enables
ComputeAuto-provision Azure VMs for Odoo hosting
StorageUse Blob Storage for automated backups
DNSManage Azure DNS zones for your domains

Prerequisites

Before you begin, ensure you have:

Connection Method

Azure uses OAuth 2.0 authentication. You'll authorize OEC.sh to access your Azure resources through Microsoft's secure login.

Note: OAuth means you don't share passwords or secrets with OEC.sh. Microsoft handles the authentication.

Step-by-Step Connection

Step 1: Navigate to Cloud Accounts

  1. Log in to app.oec.sh (opens in a new tab)
  2. Click Settings in the left sidebar
  3. Click the Cloud Accounts tab

Step 2: Start Connection

  1. Click the Add Account button
  2. Under One-Click Connect (OAuth), find Microsoft Azure
  3. Click the Microsoft Azure card

Step 3: Sign in to Microsoft

A new browser tab opens to Microsoft:

  1. Sign in with your Azure account
    • Use an account with Owner or Contributor access to the subscription
  2. If your organization uses SSO, complete that flow

Step 4: Review and Consent

Microsoft shows you what OEC.sh is requesting:

Permissions requested:

  • Azure Service Management - user_impersonation
    • Allows OEC.sh to manage Azure resources on your behalf

Review the consent screen carefully:

  1. Verify the app name shows "OEC.sh" or your configured app name
  2. Confirm the permissions match expected scope
  3. Click Accept to authorize

First time only: If you see "Admin consent required", your Azure AD admin needs to approve the app first. Contact your IT team.

Step 5: Confirm Connection

After authorization:

  1. Browser redirects back to OEC.sh
  2. Your Azure account appears in the list
  3. Status shows Active with a green badge
  4. Capability badges display: Compute, Storage, DNS

Verify Your Connection

Check Account Status

Your connected account should display:

  • Name: "Microsoft Azure" (you can rename it)
  • Status: Active (green)
  • Capabilities: Compute, Storage, DNS badges
  • Account: Your Azure email/account name

Test the Connection

  1. Find your account in the list
  2. Click the refresh icon (circular arrow)
  3. Status should remain "Active"
  4. If validation fails, see Troubleshooting

What Permissions Does OEC.sh Request?

When you authorize OEC.sh, we request these Azure scopes:

ScopePurpose
https://management.azure.com/user_impersonationManage Azure resources (VMs, storage, DNS)
offline_accessRefresh tokens automatically without re-login

We can access:

  • Virtual Machines in your subscriptions
  • Storage Accounts and Blob containers
  • DNS Zones and records

We never:

  • Access your Azure AD user data
  • Modify billing or subscription settings
  • Access resources you don't grant us

Azure Subscription Requirements

OEC.sh needs access to at least one Azure subscription with:

Resource Providers (Enable if needed)

  1. Go to Azure Portal > Subscriptions > Your subscription
  2. Click Resource providers
  3. Ensure these are registered:
    • Microsoft.Compute (Virtual Machines)
    • Microsoft.Storage (Storage Accounts)
    • Microsoft.Network (Networking)

Role Requirements

The Azure account used must have one of these roles on the subscription:

RoleCan Do
OwnerFull access (recommended for initial setup)
ContributorCreate/manage resources, cannot manage access
Custom RoleSpecific permissions (advanced)

Using Your Azure Account

For Server Provisioning

  1. Go to Servers > Add Server
  2. Choose Provision from Cloud
  3. Select your Azure account
  4. Choose:
    • Subscription (if multiple)
    • Region (e.g., East US)
    • VM Size (e.g., Standard_B2s)
  5. Click Provision

For Backup Storage

  1. Go to Settings > Storage
  2. Click Quick Setup on your Azure account
  3. Select or create a Storage Account
  4. Choose/create a Blob container
  5. Configure backup settings

For DNS Management

  1. Go to Settings > DNS Providers
  2. Click Quick Setup on your Azure account
  3. Select an Azure DNS zone
  4. OEC.sh will manage A records automatically

Managing Your Connection

Refresh Token

OAuth tokens expire periodically. OEC.sh auto-refreshes them, but if issues occur:

  1. Click the refresh icon on your account
  2. OEC.sh will attempt token refresh
  3. Status should update

Reconnect Account

If refresh fails (e.g., password changed, MFA reset):

  1. Click the Reconnect button
  2. Sign in to Microsoft again
  3. Re-authorize OEC.sh

Disconnect Account

  1. In OEC.sh: Delete the cloud account
  2. In Azure: Go to Azure AD > Enterprise Applications
  3. Find and revoke OEC.sh access if needed

Troubleshooting

"Admin consent required" Message

Cause: Your Azure AD requires admin approval for new apps.

Solution:

  1. Contact your Azure AD Global Administrator
  2. They need to approve OEC.sh in Enterprise Applications
  3. Or, ask them to enable user consent for apps

"Authorization Denied" Error

Cause: You clicked "Deny" or closed the window.

Solution:

  1. Click Add Account again
  2. Complete the authorization flow
  3. Click Accept when prompted

Account Shows "Expired"

Cause: OAuth tokens expired and couldn't auto-refresh.

Possible reasons:

  • Password was changed
  • MFA was reset
  • Azure AD policy expired the session

Solution:

  1. Click Reconnect on the account
  2. Sign in with Microsoft
  3. Re-authorize OEC.sh

"No subscriptions found" Error

Cause: The Azure account has no subscriptions or you lack access.

Solution:

  1. Verify you have at least one Azure subscription
  2. Check you have Owner or Contributor role on it
  3. Try a different Azure account with subscription access

VM Creation Fails

Cause: Could be quota limits, region capacity, or permissions.

Solutions:

  1. Quota: Check Subscription > Usage + quotas
  2. Region: Try a different Azure region
  3. Permissions: Verify Contributor access on the subscription
  4. Resource Providers: Ensure Microsoft.Compute is registered

Cannot Access Storage Account

Cause: Network rules or permissions blocking access.

Solution:

  1. Check Storage Account network settings
  2. Verify "Allow access from all networks" or add OEC.sh IPs
  3. Check the account has Storage Blob Contributor access

Azure Regions

OEC.sh supports major Azure regions:

RegionLocation
eastusEast US (Virginia)
westus2West US 2 (Washington)
westeuropeWest Europe (Netherlands)
northeuropeNorth Europe (Ireland)
southeastasiaSoutheast Asia (Singapore)
australiaeastAustralia East (Sydney)

Cost Considerations

Azure charges for resources created by OEC.sh:

ResourceBilling
Virtual MachinesPer-hour based on VM size
Storage AccountsPer GB stored + transactions
Azure DNSPer zone per month + queries
Data TransferOutbound data charges

Tips to minimize costs:

  • Use Azure Hybrid Benefit if you have Windows licenses
  • Enable Reserved VM Instances for production
  • Use lifecycle management for storage
  • Stop VMs when not in use (use OEC.sh scheduling)

Next Steps

AWSGoogle Cloud Platform