Freelancer's method of setting up Azure systems

I am setting up some simple Azure services for a company that does not have an IT team yet. My three goals are:
1. The company has to use the Azure portal minimally. The owner is not tech-oriented.
2. The company can add billing information for the subscription themselves without having to give me all that information.
3. I can eventually transfer ownership of the Azure entity (directory? tenant?) to an IT team.
I cannot find the answer online because all the documentation is oriented towards an IT team that works for the company as opposed to a freelancer. I am currently using my personal Microsoft account but am able to get a company Microsoft account if needed via their parent organization (which does have IT). Using my personal account, I've created a new tenant, then switched to that directory. In that directory I've attempted to add a subscription, but it switches me back to my default directory. If I switch to the new directory again, I get the error "In order to view your eligible offers, please click here to switch your directory to {my account}.onmicrosoft.com"
I would appreciate an in-depth answer as I am not familiar with the administration side of Azure.

Related

Roles in Azure. Permission to view invoices

I really need some basic help with Azure. I purchased Microsoft 365 for my company (10 users) from GoDaddy (a mistake). GoDaddy support has little to no knowledge of Azure. With Microsoft 365, you get access to the Azure portal, and you get a directory in Azure Active Directory that looks like NETORG12345678.onmicrosoft.com. Then you can create tenants and subscriptions below that directory.
I must have done something like that, because now I am getting emails from Microsoft saying that my subscription is about to expire and I should pay the bill.
Rather embarrassing to say, but I cannot even figure out how to do this. I am the global administrator for my directory/tenant (if that is even the right terminology). I keep getting error messages that I don't have the appropriate permissions to view my bill, and I should try asking myself for permission to do that. Sometimes, the error messages say I should try switching directories, but there is only one directory, I think.
I wish there was some appropriate training for this, but I can't find anything. Sorry for the noob question.
If you are the owner/administrator, you can navigate to Cost Management + Billing and see what your subscription is and its status.
You have mentioned that you purchased Office 365 through GoDaddy. In this case GoDaddy could possibly be owning the subscription on which they have on-boarded you. If GoDaddy support doesn't have much idea, you can mention this to Microsoft support. From what I understand you will be paying GoDaddy which would take care of billing on your behalf, I guess.

Azure service to query Azure Active Directory

Suggest any Azure service which:
- can connect to the customer's Azure Active Directory
- can query the customer's Azure Active Directory
- can keep my application's Azure Active Directory in sync with any future change (add/remove user) on the customer's Azure Active Directory?
Service to connect/query Azure AD : Microsoft Graph API can help you query Azure AD
Sync changes between two different Azure AD tenants: AFAIK there isn't any service that will do this for you, you need to write something custom yourself that can make use of Microsoft Graph API
Notification on changes: Microsoft Graph API supports change notifications for some scenarios. User and Group resource types are supported. See if this covers what you're looking for: Use the Microsoft Graph API to get change notifications
Incremental changes: Microsoft Graph API also supports delta queries for some operations, which could help in figuring out incremental changes.
Authentication: Most probably client credentials grant flow using Application permissions, with a daemon app, would make sense for such a scenario. Although, this is something you'll need to decide based on how you finally implement.
Permissions required: Microsoft Graph API permissions reference
Function or WebJob or something else: it's a little subjective I guess. I don't have a clear single recommendation. WebJob might be better if it turns out to be long running, but I'm not sure. You may need a separate question or find some already answered good questions about this.
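The delta-query approach from the answer above, as an added example (not code from the original answer or from Microsoft): one sync round over `/users/delta` that follows `@odata.nextLink`, honours `@removed` entries so users deleted in the customer tenant do not linger in the downstream directory, and returns the `@odata.deltaLink` to store for the next round. `fetch_page`, `mirror` and the sample pages are assumptions; acquiring the token through the client credentials flow is left to the caller.

```python
from urllib.parse import urlparse

GRAPH_HOST = "graph.microsoft.com"
USERS_DELTA_URL = "https://graph.microsoft.com/v1.0/users/delta"

def sync_users(fetch_page, mirror, delta_link=None):
    """Run one sync round; return (delta link to store, counters).
    fetch_page(url) is a hypothetical helper: GET with the app's bearer
    token, returning the decoded JSON body."""
    url = delta_link or USERS_DELTA_URL
    stats = {"upserted": 0, "removed": 0}
    while True:
        # Links come from response bodies: never send the token to another host.
        parts = urlparse(url)
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError("refusing to follow link outside Graph: " + url)
        page = fetch_page(url)
        for entry in page.get("value", []):
            if "@removed" in entry:
                # Deleted in the customer tenant: drop it so access does not linger.
                if mirror.pop(entry["id"], None) is not None:
                    stats["removed"] += 1
            else:
                # A delta entry may carry only some properties: merge, don't replace.
                mirror.setdefault(entry["id"], {}).update(entry)
                stats["upserted"] += 1
        if "@odata.nextLink" in page:
            url = page["@odata.nextLink"]        # more pages in this round
        elif "@odata.deltaLink" in page:
            return page["@odata.deltaLink"], stats
        else:
            raise ValueError("page has neither nextLink nor deltaLink")

# Constructed sample responses (not real tenant data), keyed by request URL.
SAMPLE_PAGES = {
    USERS_DELTA_URL: {
        "value": [{"id": "u1", "displayName": "Ana", "accountEnabled": True},
                  {"id": "u2", "displayName": "Bo", "accountEnabled": True}],
        "@odata.nextLink": USERS_DELTA_URL + "?$skiptoken=A"},
    USERS_DELTA_URL + "?$skiptoken=A": {
        "value": [{"id": "u3", "displayName": "Cy"}],
        "@odata.deltaLink": USERS_DELTA_URL + "?$deltatoken=T1"},
    USERS_DELTA_URL + "?$deltatoken=T1": {
        "value": [{"id": "u2", "@removed": {"reason": "changed"}},
                  {"id": "u1", "accountEnabled": False}],
        "@odata.deltaLink": USERS_DELTA_URL + "?$deltatoken=T2"},
}

if __name__ == "__main__":
    mirror, link = {}, None
    for _ in range(2):  # initial round, then one incremental round
        link, stats = sync_users(SAMPLE_PAGES.__getitem__, mirror, link)
        print(stats, sorted(mirror))
```

Treat the stored delta link as opaque state, and give the daemon app a read-only application permission from the permissions reference rather than a write scope.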
In response to Rohit's answer:
I agree there isn't any Microsoft service as of now that syncs changes between two different Azure AD tenants.
Not here to brag or promote but to give a direction: the company where I work has a product which solves exactly this problem, and we have a few customers who are using it to keep their partner tenants in sync. In case you are looking for a pre-made product, feel free to reach out to me.
Otherwise, if you need any help on creating your own, then what Rohit mentioned are quite good steps to follow. If you still need help with that direction, let me know.

How to transfer a custom domain name from expired/deleted subscription to new Web App?

I maintain a family web site on Azure in my spare time. For a small fee, we have purchased a custom domain name to make it more "professional".
Unfortunately, the credit card associated with the subscription has expired and, since I was not actively monitoring the dedicated mail account I had created for this purpose, the subscription has now been deleted (the subscription is actually disabled in the portal, but the mail from Azure says that I need to create a new subscription if I want to change my mind).
In a matter of minutes, I registered a new subscription and, thanks to continuous deployment, I could deploy the Web App from sources that I had kept on a GitHub account. However, an attempt to bring an external domain to the Web App fails, with the reason being that the said domain is already in use by another Azure web site (presumably, the old Web App from the, now deleted, subscription).
After a quick chat with the #AzureSupport team on Twitter, they suggested I file a support request from the Azure portal. However, since this is not a professional subscription, I do not have a support plan. I see that support costs 25 $/month for at least 6 months in my situation.
This seems a bit too costly, like an order of magnitude higher than buying a new domain name for several years. At the same time, I don't understand why the deleted account is still locking the custom domain name. And it seems unfair that I need to pay to recover a domain name that I own but am unable to benefit from because it is associated with a Web App in a disabled Azure subscription!
Please, what are my options?
PS: Even though this is not a programmatic question, I post here because that's where Microsoft recommends to obtain community support. I have also posted a similar question on an appropriate MSDN Forum but the answers there are not satisfying.
Unfortunately on a technical level this will be something that can only be rectified by Azure support. Since you no longer have access to the account they will need to delete that domain association.
It is excessive that you are required to pay for a six month support contract to resolve an issue that is clearly an issue with the way Azure decommissions subscriptions.
The problem you now have is that you can't use Azure to host this domain until that association is removed. Your only options are to either have the complexity of using a VM or to move your site to AWS etc.
If you make those points to #AzureSupport team, maybe they will process it for you. Point them to this question and ask them to help you to keep using Azure.

Visual Studio Online - Live ID vs Work Accounts

We're completely upgrading our production and development environment from co-located boxes to an Azure implementation and we'll be developing using Visual Studio Online. Up until this point our dev has occurred on a Remote Desktop environment where developers were logging into Windows server and developing on that RDP box.
We want to set this up and we have some confusion about the Account types/set up types.
It appears there are two ways to set up our Azure and two ways to set up our developers. We are a MS partner w/ some MSDN licenses and Azure credits.
So for Azure we can use our existing MS accounts and just set up an Azure Pay As You Go (PAYG) subscription. This was suggested to us initially but it seems weird to have the entire company's Azure environment going through an individual's live ID. Then we saw we can sign up as an Organization now and it uses Azure AD. We have not been using Active Directory and we're not sure how much complexity this is going to add to our administration. Is there a discernible difference/benefit to going one way or the other?
Then, when we sign up our developers we can either have everyone sign up with their live IDs (we have MSDN w/ VS Premium credits for all developers) or we can set them up using Active Directory with Work Accounts. Having our credits allotted in work accounts sounds like a good way to control things at first reading, but it also seems a bit more complex. I'm wondering if there is much difference between MSDN accounts signed up w/ live IDs or AD Work Accounts. I can't find a real comparison article or pro/con type of discussion anywhere.
It sounds like you have already figured out the main differences. As an organization, I would suggest signing up for Azure as an organization. You can do that here. This is going to give you the management capabilities for resources typically needed by an organization.
Your developers can continue to use the MSDN subscriptions. As Dylan commented, these are not to be used for production environments. You should consider using these for Dev/Test environments and activating your MSDN benefits. This will save you some money. More on that here.
Visual Studio Online will work with your Work Accounts and again give you more control over managing your online resources. This link describes the sign-up process for both Microsoft Accounts and Work Accounts. And if you scroll down a bit you will find your original question specifically addressed.
Finally, you can also add your Work Account(s) to your existing MSDN subscriptions if you like. This way you (and your developers) can use the same account credentials when accessing Azure Subscriptions. Information on how to do that is available in this link.
Your Work Account subscription should be limited to personnel responsible for managing your "production" environment.
After signing up for Azure as an Organization, you can add users to the directory as described here. You can also add "external" users using their existing Microsoft Accounts. It's just a few dialogs to add a user.

How to publish a Web Application to another person's Azure subscription

I currently have a Web Application and SQL Database instance published on my own personal Azure trial subscription. However the app is now finished and I want to hand ownership over to the person I am creating it for. So I want to publish it to his Azure subscription, so he can look after billing, monitor, and have ownership of the application etc.
I asked him to add me as a user to his account, and now I see his company name listed as a 'Directory' from the portal's home page (along with my Default Directory, my Web App, and my SQL Database). I don't know how to proceed from here. I want to be able to Publish it from Visual Studio 2013 - then run my code first migrations to create the database, all to a location that his company and not me is responsible for.
Is my approach to this wrong? In a general sense, how do you develop a test application (and test it in Azure) and publish it for someone else on Azure?
The first comment on the question is sort of what I am trying to achieve:
Transfer all data from my account to another in the same Azure subscription
"What do you mean by from my account to another in the same Azure subscription? Normally I have seen folks want to move data from one subscription to another one (say from Dev Subscription to Prod Subscription)."
But if I just transfer the app I wouldn't be able to make changes in VS and re-publish it, for example.
EDIT:
I found this article on Migrating an enterprise web app to an Azure service. Would it be possible to Publish the app to my local dev machine (with local database), then use the Migration Assistance to move it to Azure? Obviously to do this I would need my client's Microsoft ID and password to log into his subscription, which is not ideal.
You will first want to make sure that the subscription appears in your "Subscription list" in the top right corner and is selected.
I am assuming you have connected your VS with your Azure subscription and are able to publish your app to your subscription from here, and that the new subscription is "missing" from your selection. But now you have been added to a new subscription but have not updated VS. Remove and re-add Azure Subscriptions from VS. This should require you to log into Azure, and should pull updated account information.
Now when you Deploy your app, you will be able to select which Subscription you want to deploy it into.
