Are you finding it irritating having to keep logging out of your Office 365 Administration Portal to login to Windows Azure Management Portal or visa versa? Surely it would be easier to use the same identity right? well… I am going to go through steps to show you how to do this and hopefully make life easier when administering multiple Microsoft Cloud Services.
As more and more organizations adopt Microsoft Office 365 and Windows Azure people are asking more and more questions around these topics and one of the more common questions that appear is “How do I use the same Office 365 admin account to manage my Windows Azure Subscription?”
So, here is the story……..
You signed up to Microsoft Office 365 to provide your organization with Exchange Online, Lync Online & SharePoint Online. It is also possible that you will be using the Windows Azure Directory Sync Tool to manage your users within Office 365 from your Corporate Identity Service (Active Directory) with Password Sync or furthermore you may have chosen to enhance your sign-in experience and use Federated Identity (Active Directory Federation Services) instead.
You signed up to Microsoft Office 365 to provide your organization with Exchange Online, Lync Online & SharePoint Online and you manage your users using the Office 365 Administrator Portal (Cloud Identity).
You signed up for a Windows Azure Subscription so that you could host internal applications, infrastructure as a service (IaaS) or even host a web service your users / customers - either way you have a Windows Azure Subscription that you also manage
and at the moment…..
You think to yourself “as an administrator of both platforms wouldn’t it be great if I could sign-in to each administration portal with the same login” or you may even want to use your Office 365 Azure Active Directory as the Identity Provider for an Application that you have hosted on Windows Azure?
Am I on the right path…. does it sound about right?…. or maybe not… well hopefully this will help… feedback is always welcome. [positive or otherwise!]
WARNING: If you do this process, your account administrator won't be changed and so this will continue to be your Microsoft Account (LiveID) and so if you are going to also want to change this to be a Work Account I would recommend that you open a Support Incident and direct it to the Windows Azure Subscriptions Management Team whom will be able to assist you in an Account Ownership Transfer so that both the Account Administrator and Service Administrator of a subscription are transferred over to your existing directory.
If you attempt to DELETE the directory in which was created for you as part of signing up for Microsoft Azure [after 27th July 2014] using a Microsoft Account (LIVE ID) you may find that this fails, because the Microsoft Account that is set as the account administrator will still be homed in the directory in which you obtained when signing up to Microsoft Azure. In order for you to be able to delete that directory you will need to do an Account Ownership Transfer as per the above. If you do not do this, you will NOT be able to delete the old directory.
Link Microsoft Office 365 Azure Active Directory to Windows Azure Subscription
- Login to Windows Azure Subscription using your Microsoft Account [outlook.com, hotmail.co.uk or live.co.uk]
- Select New + > App Services > Active Directory > Directory > Custom Create
3) Select ‘Use Existing Directory’
4) When you click on the ‘Tick’ you will be signed out of Windows Azure Subscription and presented with the Microsoft Portal Login Page. At this point you need to type in your Office 365 Global Administrator Credentials Example: email@example.com
5) You will now be asked for confirmation that you wish to add your Office 365 Windows Azure Active Directory to your Windows Azure Subscription. Click ‘Continue’
6) Upon successful completion, you can click ‘Sign Out Now’ which will re-direct you to the Microsoft Portal Login Page. You now need to sign back in with your ‘Microsoft Account’ to administer your Windows Azure Subscription. https://manage.windowsazure.com. Once you have signed back, click on the ‘Active Directory’ node on the left hand side and ensure that you now see 2 Active Directories.
If, after you have completed the above process the Azure Active Directory that you were attempting to add does not appear upon logging back in with your Microsoft Account, be sure to check that your Microsoft Account namespace (firstname.lastname@example.org) does not already exist as a user account in the Directory you were adding. i.e. if your MSA is using your work e-mail address this will probably be the case.
In this scenario, login to https://account.windowsazure.com and select your Windows Azure Subscription. Select "Edit Subscription Details" and change the Service Administrator Account to be an alternative Microsoft Account aka Live ID such as @outlook.com and then re-attempt the procedure. It will then complete, you can then change the Service Administrator Account back to your Work Microsoft Account aka Live ID upon completion.
Add Co-Administrators that belong in an Alternative Windows Azure Active Directory i.e. Office 365
The next part I will go through the steps to add a co-administrator from an alternative directory that you have in your windows azure subscription.
- Office 365 Azure Active Directory – Linked
- Manually created directory that is potentially used for Cloud Applications etc. i.e. if you did not setup your vanity domain with Default Directory and you setup Directory Sync or Federated Identity to a manually created Azure Active Directory.
1) Login to Windows Azure Management Portal http://manage.windowsazure.com with your Microsoft Account.
2) Select ‘Settings’ from the left hand task pane > Subscriptions
3) Select Subscription & Click on Edit Directory
You need to now select the directory that you want to associate with your subscription. click next, and you will now be told weather this change will affect any of your existing co-administrators. it shouldn’t if you don’t have any others yet configured that use the default directory as the identity source i.e. all your current co-administrators use Microsoft Accounts.
4) Click the ‘Tick’ and then Press ‘Ok’ to reload the Directory.
5) Go to Settings > Administrators > Add
6) Type in the User ID of your Office 365 User Account that you want to give permissions to login to windows azure subscription as a co-administrator.
*you will notice that it will find that user ID is associated with your directory that you either ‘linked’ if you did it for Office 365 or that is located in the manually created Azure Active Directory. [hopefully, this makes sense to those of you who use Azure AD for more complex scenarios and not use O365]
Click on the ‘Tick’ when you have finished, and then you should see a ‘successful’ task and this user should now be able to login to windows azure subscription, and be able to administ
er this subscription.
If you get the following error displayed, the person you are adding does not belong to the directory which you associated with this subscription. check to ensure you completed all of the required steps.
Once you have done the above process, you will notice that the Azure Subscription still will have the Microsoft Account aka Live ID configured as the Account Owner and Service Administrator, If you wish to change these you need to open a Support Incident to the Subscriptions & Billing Team whom can assist you in transferring the subscription ownership from your Microsoft Account to Work Account aka Organizational Account.
If you have any questions, please be sure to contact me and I would be more than happy to help!