Azure Management Certificates and Publishing Setting file with CSP Subscriptions

In this post I will talk about a limitation of Azure CSP Subscriptions that makes users unable to work with Azure Management Certificates and Publishing Setting files.

 

Azure Management Certificates and Publishing Setting files (which is a file that contains the Management Certificates) are only intended and limited to manage Azure Service Management (ASM) resources, which means, resources from the Previous Azure Portal (https://manage.windowsazure.com). Please, see reference below:

 

What are management certificates?

Management certificates allow you to authenticate with the Service Management API provided by Azure classic. Many programs and tools (such as Visual Studio or the Azure SDK) will use these certificates to automate configuration and deployment of various Azure services. These are not really related to cloud services.

/en-us/azure/cloud-services/cloud-services-certs-create

 

Note: If you don’t know how to create and upload Azure Management Certificate and download Azure Publishing Setting file, please visit Upload an Azure Management API Management Certificate and Get-AzurePublishSettingsFile.

 

So, what if I have a CSP account and want to use Azure Management Certificate or Azure Publishing Setting file? In order to answer this question, let’s first talk a little bit about Azure CSP Subscription.

What is CSP?

Here is the CSP definition from the official website:

The Microsoft Cloud Solution Provider program enables partners to directly manage their entire Microsoft cloud customer lifecycle. Partners in this program utilize dedicated in-product tools to directly provision, manage, and support their customer subscriptions. Partners can easily package their own tools, products and services, and combine them into one monthly or annual customer bill.

https://blogs.technet.microsoft.com/hybridcloudbp/2016/03/03/introduction-to-csp-model/

 

The thing is that, CSP Subscriptions have a limitation which is: They only have access to Azure Resource Manager (ARM) resources. Which means, only Resources that are only created in the new Azure portal (https://portal.azure.com/ ) and don’t appear in the previous Portal. Please reference below:

 

Difference of Azure CSP Subscriptions

To understand the nuances of Azure subscription migration to CSP, you need to understand what is the difference of Azure CSP Subscriptions comparing to Traditional Azure subscriptions and Azure EA subscriptions:

  • Only ARM services available – latest and greatest. No legacy ASM or “Classic” services, no “IaaSv1”.
  • Not all ARM services, available in Traditional/EA Azure subscriptions are available in CSP. But almost all of them.
  • Since there are no ASM services, there is no need in old Azure Portal

https://blogs.technet.microsoft.com/hybridcloudbp/2016/08/26/azure-subscription-migration-to-csp/

 

So, if you try to use either Azure Management Certificate or Azure Publishing Setting file in a CSP Subscription it won’t work, because CSP accounts only supports ARM resources and Management Certificate/Publishing Setting file are only for ASM resources. So it won’t be possible to use them to automate the management of your resources in Azure.

 

If you review the link Using Azure PowerShell with Azure Resource Manager you will get helpful information about how to manage the resources in the CSP account thru Azure PowerShell and we can also see the following note:

“The Resource Manager modules requires Add-AzureRmAccount. A Publish Settings file is not sufficient.”

 

References:

/en-us/azure/azure-resource-manager/resource-manager-deployment-model https://msdn.microsoft.com/en-us/library/dn385850(v=nav.70).aspx /en-us/azure/azure-api-management-certs