The Azure Enterprise Agreement portal allows large enterprise customers of Azure to manage Azure subscriptions and associated licensing information from an easy (well.. seemingly easy) to use portal. On-premises and cloud license details are able to managed under a single EA which make it streamlined for those who manage that sort of thing.
I have an Office 365 tenant. I plan to use federated identity in the Microsoft cloud and beyond. With that Office 365 tenant I am provisioned with Azure AD as the cloud directory for user and group objects. To streamline management of resources I’d like to use federated credentials to access my Azure tenant. From there I’d like to see all of my billing in my EA portal somewhat categorised. NOTE: that the Azure EA portal only shows Azure consumption reporting.
SIDEBAR – Late last week (start of July 2015) Microsoft had updated the EA.Azure portal with big improvements to the interface and functionality of the site. There is now some great reporting that is accessible to portal administrators to view how their accounts and subscriptions are tracking.
To achieve a streamlined management of my Azure tenant under an EA adding in your “work or school” account is a little tricky and took me a little while of Googling to figure out. To add the account:
- Login to the new Azure EA portal
- Go to Manage
- Then on the Enrolment screen you’ll find…
- What we want to change is the “Auth level”
- Select the edit button next to “Auth level: Microsoft Account”
- Microsoft account is the default option
- Change the auth level too “Mixed account”…
- Now you’ll be able to create a department, and account and add a subscription.
Once a subscription has been added, and you don’t have any credits, it is still a basic Azure tenant with only Azure AD provisioned. If you have credits or consumption commitments under an Azure EA, you can upgrade the Office 365 Azure tenant “with a simple trick”. NOTE: I’m sure there is a correct way of doing this. However, I thought i’d share this “hack” anyway.
How to upgrade to a full Azure tenant
Login to the Azure Preview Portal with the newly EA portal enabled Office 365 Azure tenant. In the Preview Portal you’ll have available the full tenant, provisioned and able to add any and all services. The quickest way I’ve found to get started is to provision a virtual network or VNET. From there click through to the Azure Portal to see a nice full Azure experience with the same Azure AD as Office 365. Now additional service components can be provisioned, like for example identity components: Azure AD Connect and ADFS.
The reason this is most ideal is two fold. Firstly using the Office 365 tenant’s Azure AD, once identity is provisioned, role based access control can be granted to on-premises synchronised user objects. The second reason, I think I mentioned at the start of this post, is to keep billing related to the Office 365 tenant and services.
I hope this provides some interesting information for you. Thanks for reading,