Associate Office 365 AD Tenant with AZURE AD - azure

I have an Office 365 subscription that was created when I created my Dynamics 365 (CRM) trial version.
I also have a MSDN Enterprise Azure Subscription.
I'm trying to associate the Office Azure AD with my MSDN Azure subscription.
I'm trying to proceed as described in the link below:
https://github.com/uglide/azure-content/blob/master/articles/billing-add-office-365-tenant-to-azure-subscription.md
But the link is for the old Azure management portal, and I'm not able to find a way to add "New Directory" with the option to choose "Existing Directory".
Awaiting your valuable inputs.
Regards,
Clement

You can refer to
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
https://learn.microsoft.com/en-us/azure/billing/billing-use-existing-office-365-account-azure-subscription
to learn how to associate or add an Azure subscription to Azure Active Directory. This should do the trick if you do not have any resources in the Azure subscription that are dependent on the current tenant for the subscription.
So, what happens is that if you have anything on the current tenant for the Azure Subscription, that would be replicated to the tenant for the O365. All of the same would need to be re-created manually.
Only the Subscription Admin of the Azure Subscription would retain the access to the subscription.
If you should have resources and the access levels might be a question for you by the re-association of the Subscription to the O365 tenant, we would suggest you create a Billing & Subscription Ticket so that Microsoft support team could personally assist you in the entire process effectively.

Related

How can I link a Microsoft 365 Developer Sandbox to an Azure Student account so that they share a tenancy?

I'm trying to follow this tutorial on developing with Microsoft's Graph Data Connect. The tutorial states:
The Azure subscription must be in the same tenant as the Microsoft 365 tenant. Microsoft Graph Data Connect will only export data to an Azure subscription in the same tenant, not across tenants.
Your Microsoft 365 and Azure tenants must be in the same Azure Active Directory (Azure AD) tenancy.
I already have an Azure account with an Azure for Students subscription. I signed up to the Microsoft 365 Developer Program and created a new sandbox. This creates a totally new tenant with a corresponding admin@[MYTENANT].onmicrosoft.com account.
The 365 sandbox has an Azure Directory, but no subscription or ability to create new services. The admin account cannot be used to sign up for a new free subscription, attempting to create an Azure free account results in a "Your current account type is not supported" message.
Is there a way to link these two accounts together so I can create an app in Azure that uses Graph Data Connect to access the dummy data in the 365 Sandbox?

You might be able to change your Azure subscription to a new directory. (It might be blocked by policy, however.)
You'll need a user who exists in both directories, and who is an owner on the subscription. In the portal, click the "Change Directory" button on the ribbon and follow the prompts. Note, the directory change will delete all RBAC role assignments and possibly some other configurations, but if this is a learning subscription there's probably not a lot that can't be recreated.
https://learn.microsoft.com/en-us/azure/devtest/offer/how-to-change-directory-tenants-visual-studio-azure
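
The answer above notes that the directory change deletes all RBAC role assignments. As an added example (not part of the original answer), this Python script takes a role-assignment export captured before the move and separates assignments that can be re-created for mapped users from ones that need manual review. The sample export, the UPN map and the function names are constructed for illustration; the field names follow the JSON printed by `az role assignment list --all`.

```python
import json

# Constructed sample in the shape of `az role assignment list --all -o json`,
# captured BEFORE the directory change. All IDs and names are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
EXPORT = json.loads("""[
 {"principalName": "alice@old.example", "principalType": "User",
  "roleDefinitionName": "Owner", "scope": "%(s)s"},
 {"principalName": "bob@old.example", "principalType": "User",
  "roleDefinitionName": "Contributor", "scope": "%(s)s/resourceGroups/rg-app"},
 {"principalName": "deploy-pipeline", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Contributor", "scope": "%(s)s"},
 {"principalName": "carol@old.example", "principalType": "User",
  "roleDefinitionName": "Reader",
  "scope": "/providers/Microsoft.Management/managementGroups/mg-root"}
]""" % {"s": SUB})

# Hypothetical mapping: sign-in name in the old directory -> new directory.
UPN_MAP = {"alice@old.example": "alice@new.example",
           "carol@old.example": "carol@new.example"}

def plan_reassignments(assignments, upn_map):
    """Return (recreate, manual): tuples safe to re-create vs. raw entries to review."""
    recreate, manual = [], []
    for a in assignments:
        target = upn_map.get((a.get("principalName") or "").lower())
        in_subscription = a.get("scope", "").startswith("/subscriptions/")
        # Object IDs do not carry over between directories, so only users with
        # a known counterpart in the new directory can be mapped by name.
        if a.get("principalType") == "User" and target and in_subscription:
            recreate.append((target, a["roleDefinitionName"], a["scope"]))
        else:
            manual.append(a)
    return recreate, manual

def to_cli(recreate):
    """Render `az role assignment create` commands for the re-creatable set."""
    return [f'az role assignment create --assignee "{u}" --role "{r}" --scope "{s}"'
            for u, r, s in recreate]

if __name__ == "__main__":
    ok, review = plan_reassignments(EXPORT, UPN_MAP)
    print("\n".join(to_cli(ok)))
    for a in review:
        print("REVIEW:", a["principalType"], a["principalName"], a["roleDefinitionName"])
```

Service principals, users without a counterpart in the new directory, and assignments scoped outside the subscription land in the review list rather than being re-granted automatically.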

What do you mean by Microsoft Account, Tenant, Subscription?

I started learning Microsoft Azure but I'm stuck.
Can anyone tell me what is the difference between Microsoft account vs tenant vs Subscription in detail?

When you say "Microsoft account", this usually refers to personal Microsoft accounts (outlook.com/live.com/hotmail.com).
But it could also refer to organizational Azure Active Directory accounts.
They are both kinds of user accounts; both types can exist as members in an Azure Active Directory "tenant".
This tenant is basically an instance of Azure AD for your users, in your control.
When you log in to Azure, you are logging in to Azure AD.
An Azure subscription is where you deploy your services, create resources like databases etc.
A subscription is always linked to an Azure AD tenant.
The users in this linked tenant can be given roles in the subscription to access/modify resources.
If anyone wants access to the subscription, they need to be added to the Azure AD tenant first.
This can be done by creating them an account there, or by inviting them by their email as a "guest".

Microsoft account: the one used to log in
Tenant: your Azure Active Directory (usually the default is [account].onmicrosoft.com)
Subscription: your Microsoft Azure subscription, the one used to create services / deploy your applications

How to integrate Azure + O365 subscription

We have an O365 subscription. We have an Azure subscription.
However, the Azure subscription was originally set up with a personal(!) account which was identical to that person's O365 account.
(personal account somebody@company.nl was created and used to set up Azure while that person also had an O365 account with the name somebody@company.nl)
When I log on to Azure using henrov@company.nl I have to choose 'personal' account to log on to Azure. I do see our subscription. I understand that our Azure subscription has in fact nothing to do with our O365 subscription.
However, if I go to PowerBI in O365 and install a data gateway I need to log in with my O365 account henrov@company.nl. When I then choose to install a gateway on Azure I get logged in as henrov@company.nl (School/Work account). This is followed by the message: "you have no subscriptions".
I understand what is happening. Somebody@company.nl messed up while setting up Azure. But what can I do to correct this? Would it be better to set up a completely new Azure subscription using a different address? Or can I somehow merge the existing Azure subscription with our O365 subscription?

That's because you can actually have a Microsoft account created using your corporate e-mail, but it doesn't mean it is an organisational account like the one you have when you create an Office 365 tenant or any other service which relies on the Azure AD platform.
Log in to your Azure subscription using the service administrator of that subscription (the personal Microsoft account) and follow this guide to transfer the subscription to another tenant owner, that is, the global administrator of your corporate tenant.
https://learn.microsoft.com/en-us/azure/billing/billing-subscription-transfer
Finally, change the directory associated with that subscription.
https://learn.microsoft.com/en-us/azure/billing/billing-add-office-365-tenant-to-azure-subscription
You can do the latter only if you want.

Using organizational AD for multiple Azure subscriptions

We have two Azure subscriptions and an Office 365 subscription for our company.
In "Subscription #1", we have a VNET and a bunch of VMs. We have our "organizational AD" in this VNET. We also set our Office 365 subscription to use our organizational AD that is in this Subscription #1.
We then have a second Azure subscription (Subscription #2) in which we have WebApp's, databases and Visual Studio Team Services (VSTS - formerly Visual Studio Online) repositories. We set up our VSTS to use the directory service -- WAAD -- associated with this second subscription.
My question is: can we set it so that this second Azure subscription uses our organizational AD to manage user access? Our primary goal here is to have "single sign-on" in this second Azure subscription. For example, we want our developers to be able to use their organization AD accounts to access the VSTS repositories.
P.S. We do prefer keeping these two Azure subscriptions separate but still have single sign-on.

In short, yes you can. The easiest way to do this is by putting in a support ticket with Azure and asking them to perform this task for you. You should be able to put a ticket in with billing support to avoid costs.
The other way to do this involves having the Service Administrator of the 2nd Azure subscription be a Global Admin on the Azure Active Directory in question. You can then follow the steps found in this link.

Enable Azure Active Directory Access Control with Office 365 Azure Active Directory tenant

I currently have an Office 365 tenant with around 1,400 users all licensed. We have enabled the Azure AD tenant with the same account and are now using Azure AD Dirsync to have same sign-on to Office 365.
We are now having an external SharePoint site developed and have been offered either ADFS or Azure AD ACS as an authentication method. As we've already got an Azure AD subscription (through Office 365) I thought this would be the easiest method. However, when in my tenant on https://manage.windowsazure.com, I have access to Active Directory, can add a new directory but cannot add a new Access Control service. It's greyed out and says "not available" underneath.
I've tried talking to Office 365 support, who referred me to Azure support, who then said we don't have support so can't help. I've spoken to Azure sales and they've referred me to Azure support, who then guess what, said we don't have support.
Has anyone else managed to implement an Azure Access Control service from an Office 365 tenancy using the free Azure Active Directory subscription? I get the feeling I just need to buy a cheap Azure subscription and the option would become available, but without knowing for sure I'm a bit hesitant about taking the plunge.
Thanks.

I can imagine that you cannot use the free Azure subscription for this purpose because using the Access Control Service brings costs. The free subscription is not tied to any credit card. When you have e.g. a pay-as-you-go subscription you should be able to create an ACS namespace. I just tried in one of my pay-as-you-go subscriptions.
You are (still) able to create a namespace, but I suggest you also take a look at the identity possibilities Azure AD itself has. Azure AD currently only has support for SAML 2.0 (and a lot of other protocols, but they are not directly relevant for SharePoint). I know SharePoint (on-premises) only talks SAML 1.1, so that's where ACS comes in. You can read more about this topic here. Azure AD itself is going to support SAML 1.1. The only question is when. (See one of the comments from the source mentioned below this answer.)
I also would make one remark about Azure AD ACS because this is going to be replaced by Azure AD. The only question left is when.
ACS Capabilities in Azure AD
As we've mentioned previously, we are adding ACS-like capabilities into Azure AD. In the coming months, as part of a feature preview Azure AD administrators will be able to add federation with social identity providers, and later custom identity providers to Azure AD. This will allow app developers to use Azure AD to simplify the identity implementation in their apps, similar to how developers use ACS today. We look forward to getting your feedback on the preview to improve these experiences.
Migrating ACS Customers to Azure AD
Once these new ACS capabilities of Azure AD are out of preview and generally available, we will start migrating ACS namespaces to use the new Azure AD capabilities.
Source: The future of Azure ACS is Azure Active Directory

Quick solution:
Create an Azure paid account. Add the administrator user of the paid account in the Office 365 directory, and set it as global administrator of this latter directory (you can add users from other directories).
Then switch back to the paid account. The new global administrator will be able to manage the Office 365 directory and add a namespace.