Navigation :

Azure Subscriptions

Terminology

Azure subscriptions

A Azure subscription is a unit in which you can run services. Billing for Azure services is done on a per-subscription basis. If your account is the only account associated with a subscription, then you are responsible for billing.

Subscriptions have accounts. An Azure account is an identity like Azure Active Directory account or Microsoft account.

Azure account

An Azure account determines how Azure usage is reported and who the Account Administrator is. Accounts and subscriptions are created in the Azure Account Center. The person who creates the account is the Account Administrator for all subscriptions created in that account. That person is also the default Service Administrator for the subscription.

There are three roles related to Azure accounts and subscriptions:

Account administrator

The Account administrator for a subscription is the only person who can access the Azure Account center. The Account administrator does not have any other access to services inside that subscription. They need additional Service administrator or Co-administrator rights to manage the services. For security reasons, the Account Administrator for a subscription can only be changed with a call to Azure support. The Account administrator can reassign the Service administrator rights in the Azure Account center.

Service and Co-administrator

The Service Administrator is the first Co-Administrator for a subscription. Like other Co-Administrators, the Service Administrator has management access to cloud resources using the Azure Management Portal, as well as tools like Visual Studio, other SDKs, and command line tools like PowerShell. The Service Administrator can also add and remove other Co-Administrators. The Service Administrator is the only user authorized to change a subscription’s association with a directory in the Azure Management Portal.

Account Administrators using a Microsoft account must log in every 2 years (or more frequently) to keep the account active. Inactive accounts are cancelled, and the related subscriptions removed. There are no login requirements if using a work or school account.

Getting a Azure subscription

You can get a Azure subscription via an Enterprise agreement, Microsoft reseller, Microsoft partner of personal (free) account.

Subscription Usage

Azure offers free and paid subscription options. The most commonly used subscriptions are:

Resource limits

Azure provides an overview tho see the number of resources used in Usage + Quotas. In this overview you also see the default limits. If you want to use more than the default limits, you need to put a request via a form.

Management Groups

Management groups are the new way to manage multiple subscriptions. With management groups you can manage access, policies, and compliance for those subscriptions. You can place subscriptions and management groups inside a management group. The policies is applied to all management groups, subscriptions, and resources under that management group.

graph TD A[fa:fa-users
Tenant root
Group] A -->B[fa:fa-users
IT] A -->C[fa:fa-users
Marketing] A -->D[fa:fa-users
HR] B -->E[fa:fa-users
Production] B -->F[fa:fa-users
Development] E -->G[fa:fa-key
EA Subscription] E -->H[fa:fa-key
EA Subscription] D -->I[fa:fa-key
Free Trail] A -->J[fa:fa-key
EA Subscription]

The management group has two field when creating.

Powershell command to create management groups.

New-AzManagementGroup -GroupName 'Contoso' -DisplayName 'Contoso Development'

Azure enterprise enrolment

graph LR; A[Azure Enterprise
Enrolment] A -->|1 to
Many| B[Departments] B -->|1 to
Many| C{Accounts} C -->|1 to
Many| D{Subscriptions} D -->|One| E[Resource one] D -->|Two| F[Resource two]

Billing

Resources