I want to deploy our SharePoint remote event receiver inside an Azure web app. but when i create a new web app i got 2 subscriptions ("Microsoft Azure" OR "Pay-As-You-Go"), as follow:-
So i am not sure what are the main differences between these 2 subscriptions?
second question; which one is more suitable for hosting SharePoint remote event receivers?
Pay as you go is just like it says, you pay for only the services that you use, based on the pricing for that service. More info here.
A subscription is as described here "a logical grouping of Azure services that is linked to an Azure account. A single Azure account can contain multiple subscriptions. Billing for Azure services is done on a per-subscription basis. For a list of the available subscription offers by type, see Microsoft Azure Offer Details"
You have two subscriptions set up. On is a pay as you go subscription, and one is another type, although I'm not sure what. There should be no difference which one you select from a technical standpoint. It is only a matter of how you want to be billed. Azure web apps have a free tier as well.
There is no technical difference between the two subscriptions. There might be a difference with regards to support levels or service level agreements (SLAs), e.g. if one of them is a Dev/Test subscription. There might be a difference in "purpose" - one might be exclusively for "production use cases", while the other might be for testing. There is no way for us to know.
You really should ask the person responsible for the Azure subscriptions on which one you should use. If you set them up yourself, you take a more detailed look at the subscriptions themselves.
Related
Days ago I onboarded a customer using Service Principal with an ARM template in our blob storage, then the client went to this URL:
https://portal.azure.com/#create/Microsoft.Template/uri/{Blob Url}, accepted us as their resource manager, and we could make connections and go-to resources but via PowerShell, why it doesn't show to us in our Azure Lighthouse Customers page?
I can work with the resources, make deployments, and such but doesn't show in the list, I want to know if it is because we need to be gold competency or an expert MSP because we don't want to make a public offer in the market, we just want to manage certain customers.
It should be displayed there. No special conditions are required such as the ones you've mentioned. Are you definitely signed in to your own partner/MSP tenant with an account that has delegated access to the customers? Does anything show up under delegations within the Azure Lighthouse section?
If you have access to the customer tenant, does your company show up under Service Providers within Azure Lighthouse on the Azure portal?
Case closed, the Service Principal itself doesn't have the privileges on the service provider's tenant to make your user a reader. So the solution for this was:
Remove the offer in the customer tenant.
Add new authorization in the ARM template for a user/group with "Reader" built-in role id. (In our case, we decided to use an AD group because people in the organization is temporary)
Upload the new ARM template and re-onboarded the client.
After a couple of hours, the client's subscription showed in the subscription list in the section: Directories + subscriptions, checked it, and saw all the resources from the service provider's tenant.
I found a solution for this issue.
The Azure Lighthouse->My customers list on the azure portal only shows subscriptions activated in the global directories and subscription filter.
Please go to the global directories and subscriptions filter (in the portal top navigation) and open the drop downs for directories and for subscriptions and check, if your customer subscription appears here.
If yes, select all entries in both drop downs.
After that go back to Azure Lighthouse->My customers
and check, if the customer subscription appears now.
My company has a direction to create web app to be published and sold on Azure Marketplace.
After reading up on the topic on https://azure.microsoft.com/en-us/marketplace/programs/certified/, I am confused that what is actually the right way to achieve what we want to do above.
Do we need to create a VM as a container for our webapp so that it can be sold on Market Place? In this method, are subscribers creating their own VM service from the image we publish? I wonder how are updates/fixes being pushed out to every subscriber.
I then came across AppSource. In this way, are we creating/hosting the app in our azure app service, and users are authorized into the app through AAD (it looks like we have to use AAD authentication?)? Are we able to segregate user data by say, organizations?
I really appreciate if someone can shed some light on this.
For point 1, you could look at this question: Publishing a web application on Azure
i think what you are looking for is the "solution template". it took me a while to get it, but if you look at the docs there is a comparison between "Virtual machine" and "Solution template".
From the docs:
VM example:
As an Azure publisher, you've created and validated a VM with an innovative database service. Other Azure subscribers want to procure and deploy this VM into their cloud service environments.
Solution template example
As an Azure publisher, you've bundled a set of services from across Azure that make it quick to deploy cloud services with load balancing, enhanced security, and high availability. Other Azure subscribers can save time by procuring the solution template that meets their objective. They don't have to manually locate, procure, deploy, and configure the same or similar Azure services.
In my azure account I have 2 directories, lets call them directory A and B.
With some recent changes I need to switch a app service from a subscription in directory A to a subscription that is on directory B.
Is this possible to achieve, and if it is how?
EDIT 1
As directory I mean the directory that you can see in the image below:
EDIT 2
Since It seems that I have mislead people I will try to explain what i want to achieve with images.
I want to move the App Service from the App Service Plan in the directory A as you can see in here:
to the App Service Plan in the directory B that you can see in here:
It looks like you want to move resources between subscriptions. It is possible to do this but there are a few restictions and rules around what you can do.
You can definitely move an App Service between subscriptions. However, in your case, as the subscriptions in question exist in different AD tenants, you will need to change the tenant of one of the subscriptions. You can only do this if you are a Service Administrator and signed in using a Microsoft i.e non organizational account.
Check this reference document from Microsoft, it explains in detail how the transfer process works.
I think we might need some additional information, since it seems that the terms we're using are sometimes equivocal. Microsoft Azure subscriptions are not associated to Azure Active Directories, but to an Service Account. You can add how many Azure ADs you want to an Azure subscription, but the Azure subscription itself will be managed by the service account (which is not necessarily member of a certain Azure AD).
Further, only the service administrator can manage Azure resources, like VMs, App Services and so on. Azure AD admins can only manage identity aspects that define identity life cycles within that specific Azure AD. The service admin could add a co-admin a user from the default Azure AD and that user would then also be able to manage Azure resources, like App Services and so on.
So the Azure App Service is tied to a Azure subscription that is managed by a service account, not by the Azure AD. Please check the official documentation on this topic. Also please clarify exactly what you would like to do.
I have a business requirement where Azure Subscription owner will Provision User Groups like Infrastructure Admin, Billing Admin, Enterprise Users. Ifra Admin people should login to this Portal & can only see options related to Infra provisioning. Billing Admin people should have access to Azure usage Enterprise wide - And they should be able to generate bills for respective teams(which are part of the organization). Enterprise Users are those who want to procure azure storage, VMs etc. and they want estimate cost for required infra.
I am looking out for a solution/approach for this requirement. If Azure Portal is already providing this feature then please provide me reference material. If i should build new custom Web application which internally use Azure APIs then let me know about that option as well.
If there are any products which already doing this even am open for that.
Deeply appreciating your help. Thanks a lot :)
Vishal.
Let me answer by breaking your question in 2 parts:
Managing Users - This is something you can do today in Azure. Some time ago, Azure announced Role-based access control (RBAC) and that fits the bill nicely for you as far as managing users and granting them permissions to do things. So in your scenario, the owner will create users and groups in Azure Active Directory and then put these users and groups in appropriate roles. When a user or a group member tries to manage the resources (either by logging into the portal or using other tools like Azure PowerShell Cmdlets), they will only be able to do things the role they are in allows.
Managing Billing - Though Azure Portal exposes the billing functionality (and there's a billing/usage REST API), it does not have the capability you're looking for. What you would need to do is look for ITFM (IT Financial Management) Systems that has support for Azure. Off the top of my head, two tools come to my mind - Cloudyn & Cloud Cruiser. You can learn more about it here: https://azure.microsoft.com/en-in/documentation/articles/billing-usage-rate-card-overview/. You could always consume the Billing/Usage REST API to create a solution of your own. If you're writing your own solution, you may want to check out Billing Samples on GitHub.
On Azure, I am currently using my "3-month Free Trial" subscription, and just recently I got access to a "Windows Azure MSDN - Visual Studio Ultimate" subscription.
Is it possible to move an existing set of hosted sites to another subscription using the Portal?
Obviously I could just re-publish the sites using Visual Studio, but I'm wondering if there is a way to do this in the GUI?
There is no way you can accomplish in the Portal interface. You do have an option to request Windows Azure Billing Team and request them move all of your currently configured and running services from one Subscription to other subscription, the key is "all".
IF you want to move one specific service from one subscription to another then the available option is to deploy directly to other subscription.
I did do this once. I had to contact their billing team and after a couple of days of back and forth between them it was taking too long so I just did it manually, redeploying the sites to the new subscription. This may not be possible if you have many sites. I did a backup and restore of the SQL Azure database.
I am battling with azure support right now on trying to do the same thing. From what I can tell your best bet is creating the services on your MSDN subscription and redeploying.
I don't know a way to do this from the portal but I do recommend using Windows Azure PowerShell which has the ability to manage multiple subscriptions and in your case you can just do this cmdlet to copy a service into another subscription:
Publish-AzureServiceProject -sn MyNewSubscriptionName