I have an MSDN 'Visual Studio Premium with MSDN' account.
I have created an Office 365 E3 Tenancy.
I have 'activated' Azure AD for that tenancy and can access the 'Access to Azure AD' subscription.
But this only gives me Azure AD and not all the other services.
How can I 'attach' my MSDN Azure benefit to this tenancy so that I can get all the other service options? Websites etc.
Thanks
Paul
Sign in as your Office 365 administrator and go to this link: http://azure.microsoft.com/en-us/pricing/free-trial/
when you sign up for an Azure Trial it will take you down the path you are aiming for. Just make sure you select the options related to an MSDN subscription when they are presented.
You will need to got manage.windowsazure.com and make the association there. There are instructions here: https://msdn.microsoft.com/office/office365/HowTo/setup-development-environment#bk_AssociateExistingAzureSubscription
Hi there's an updated flow that will help make it easier to register for an app directly on dev.office.com.
You will still eventually need to go into Azure to manage and maintain the app, but if you're just getting started, you can do it in line at http://dev.office.com/getting-started/office365apis.
The link from Michael will give instructions on registering the app through the Azure Portal as well.
Related
I currently have an Office 365 tenant with around 1,400 users all licensed. We have enabled the Azure AD tenant with the same account and are now using Azure AD Dirsync to have same sign-on to Office 365.
We are now having an external Sharepoint site developed and have been offered either ADFS or Azure AD ACS as an authentication method. As we've already got an Azure AD subscription (through Office 365) I thought this would be the easiest method. However, when in my tenant on https://manage.windowsazure.com, I have access to Active Directory, can add a new directory but cannot add a new Access Control service. It's greyed out and says "not available" underneath.
I've tried talking to Office 365 support, who referred me to Azure support, who then said we don't have support so can't help. I've spoken to Azure sales and they've referred me to Azure support, who then guess what, said we don't have support.
Has anyone else managed to implement an Azure Access Control service from an Office 365 tenancy using the free Azure Active Directory subscription? I get the feeling I just need to buy a cheap Azure subscription and the option would become available, but without knowing for sure I'm a bit hesitant about taking the plunge.
Thanks.
I can imagine that you cannot use the free Azure subscription for this purpose because using the Access Control Service brings costs. The free subscription is not tied to any creditcard. When you have e.g. a pay-as-you-go subscription you should be able to create a ACS namespace. I just tried in one of my pay-as-you-go subscriptions.
You are (still) able to create a namespace but I suggest you to also take a look into the identity possibilities Azure AD itself has. Azure AD has currently only support for SAML 2.0 (and a lot of other protocols but they are not directly relevant for SharePoint). I know SharePoint (on-premises) only talks SAML 1.1 so that's where ACS comes in. You can read more about this topic here. Azure AD itself is going to support SAML 1.1. The only question is when. (see one of the comments from the source mentioned below this answer)
I also would make one remark about Azure AD ACS because this is going to be replaced by Azure AD. The only question left is when.
ACS Capabilities in Azure AD
As we've mentioned previously, we are adding ACS-like capabilities into Azure AD. In the coming months, as part of a feature preview Azure AD administrators will be able to add federation with social identity providers, and later custom identity providers to Azure AD. This will allow app developers to use Azure AD to simplify the identity implementation in their apps, similar to how developers use ACS today. We look forward to getting your feedback on the preview to improve these experiences.
Migrating ACS Customers to Azure AD
Once these new ACS capabilities of Azure AD are out of preview and generally available, we will start migrating ACS namespaces to use the new Azure AD capabilities.
Source: The future of Azure ACS is Azure Active Directory
Quick solution:
Create an Azure paid account. Add the administrator user of the paid account in the Office 365 directory, and set it as global administrator of this later directory (you can add users from other directories).
Then switch back to the paid account. The new global administrator will be able to manage the Office 365 directory and add a namespace.
I have a MS company account using Office 365 (so myname#mydomain.com is my account), and I use Office, Azure, and Visual Studio Team Services.
However, I cannot find anywhere how to enable 2FA for this account. I can set up 2FA for my normal, personal, windows live Id using this page:
http://windows.microsoft.com/en-US/windows/two-step-verification-faq.
But that doesnt work for company accounts.
Anyone knows if this is possible? thanks!
What you need is Multi-Factor Authentication for Azure Active Directory. It is part of AAD Premium features.
You can read how to enable and configure it here. And more info on it here.
UPDATE
As per documentation:
Multi-Factor Authentication is now included with Premium and can help
you to secure access to on-premises applications (VPN, RADIUS, etc.),
As well as per this documentation:
Azure Multi Factor Authentication is included in Azure Active
Directory Premium and as a result it is also included with the
Enterprise Mobility Suite
Note: MFA is (at least was) possible with the free AAD but only for the Global Admins in the directory, or for Subscription Administrators within an Azure Subscription.
I am trying to create an Asp.Net web application from Visual studio to host in Windows Azure. After signing in with my work email(having MSDN subscription and Windows Azure benefits activated) I am shown this message:
Sorry but we didn't find any Windows Azure subscriptions associated with your account.
You can sign in with a different account, or as an MSDN Subscriber, you can get started with Microsoft Azure using monthly credits that are included in your MSDN subscription. Just activate your MSDN benefit to get started.
I have already activated my MSDN benefit and also have one Asp.Net web application up and running on Windows Azure with the same account for last 10 days.
I don't understand why it's happening. If anyone knows about it then please let me know.
Thanks
The issue has been resolved with the help of my organisation's IT Admin. Here is the resolution.
The problem was that, while signing in, I was give two option to choose from after entering my email Id-
Work or School account (Assigned by your work or school) or
Microsoft Account (Personal Account).
I was selecting the first one i.e Work/School account. My MSDN subscription is provided by my organization but the Windows Azure account I created using that MSDN subscription is my personal one and not provided by my company. So I should have selected the second option i.e. Personal Account.
Now when I select Microsoft Account while signing, my project is successfully created for hosting in Windows Azure.
So to msdn and activate Azure under that.
https://msdn.microsoft.com/en-us/subscriptions/manage
We are spinning up a development against Microsoft Azure and will be making use of Visual Studio Online in conjunction with Microsoft Azure capabilities (PaaS, and IaaS). The majority of our developers will have MSDN subscriptions.
To get started I have set up the Azure Portal with what is being called a "Microsoft Account" (definition based on the FAQ below). I did this in order to establish a POC and demonstration but now I am wondering if this account needs to be an "Organizational Account." My company does use Office365/Outlook so I think it is possible to establish "Organizational Accounts" but I have not been able to determine with our Operations resources what would be necessary.
The question then is should I be using strictly Organizational Accounts for all Azure and Visual Studio Online accounts? If an account has already been set up as a Microsoft account can it be transitioned to an Organizational account? Are there any implications to be aware of?
One of the problems I am currently experiencing is that I cannot be logged into Outlook and Azure at the same time (assume Chrome for this example) unless I use Incognito mode for one of the sites. I am using the same email account for both but for Outlook it is being treated as an organizational account but for Azure it is a Microsoft account.
http://msdn.microsoft.com/en-us/library/dn531048.aspx
I would suggest using Org Accounts only once you have your domain synced to WAAD. This is what we have concluded is the best way to move forward and now are waiting on the Infrastructure gods to approve syncing our AD with WAAD. ...be prepared for resistance in this area.
The link to the FAQ says to contact MS to transition MS to Org account.
We have found this to be a very messy area with little direction from Microsoft to be found. We are not yet adopting VSO until we can use Org\WAAD accounts. They say new VSO accounts now support Org\WAAD accounts but if you have already created a VSO account you currently cannot switch over to Org\WAAD.
In my company, we are using Office365 for our emails.
In addition to this, we are using Windows Azure Active Directory to secure some applications.
Now I've been asked to create some kind of link between our users in Office 365 and Windows Azure Active Directory.
The point would be to have some admin applications deployed and secured with WAAD but for which the users are the ones from Office365.
I've found lots of documentation on the web on how to sync directories but not really anything stating clearly that this is possible.
I'd like to insist on the fact that it is our own application that we'd like to secure like this.
Thanks
(Edit 2018-03-23: This answer was updated to reflect changes in the new Azure portal.)
The underlying directory for Office 365 is Azure Active Directory (Azure AD). This means that if you have an Office 365 account, you already have a directory -or "tenant"- in Azure AD.
In your case, I think what you want to do is move from securing your application with a different Azure AD tenant (under a different domain), to securing your applications with the tenant you got when you started using Office 365. The key here is to be able to get access to your Office 365 tenant from the Azure portal.
All you need to do is sign in to the Azure portal (https://portal.azure.com) with you Office 365 account (which, remember, is an Azure AD account), and head over to the "Azure Active Directory" blade. (Note: You do not need an Azure subscription in order to manage your Azure AD tenant in the Azure portal.)
Now you can go about adding and configuring apps to the Office 365 tenant so that you can use that tenant to secure your apps.
Extra: Since you've already started doing things with another Azure subscription (presumably your Microsoft Account, MSA --formerly LiveID--), you might be interested in transferring that Azure subscription to be owned by an account in your primary Azure AD tenant: https://learn.microsoft.com/en-us/azure/billing/billing-subscription-transfer
If the aim is to make the Office 365 directory available inside the Azure portal, this currently works:
In the Azure portal, under Active Directory, click the New button, then Directory, then Custom Create. In the Directory pull-down, select 'Use existing directory' and follow the instructions to sign out and sign in using your Office 365 admin user. This will make your Office 365 directory available inside your Azure portal (in addition to any other Azure directories you have access to.)
When you setup your Azure Subcription did you use the same account you used when you setup your Office 365 Subscription? If so you should be able to see an existing WAAD instance when you log into Azure that has your #*.onmicrosoft.com domain registered against it. If you don't see that you may be able to add the domain to Azure subscription assuming of you are the domain admin. See here: http://blogs.msdn.com/b/bspann/archive/2013/10/20/adding-existing-o365-directory-to-azure-msdn-subscription.aspx
For the sake of completion, I hope the OP would come back and accept the answer provided by Philippe.
I found this that was quite helpful: http://blogs.technet.com/b/ad/archive/2013/04/29/using-a-existing-windows-azure-ad-tenant-with-windows-azure.aspx