Setting up Azure subscription and resources at your institution

Subscriptions and resource groups are among the most important considerations when deciding how to deliver cloud resources to your staff and students.

Here are some best practice principles around providing Azure at your institution.

1. Create new major subscriptions to hold resource groups, according to broad categories

  • Central IT
  • Unit IT
  • Research Groups 
  • Students and Student Project/Courses

2. Use Role-Based Access Control

  • Create new resource groups for newly on-boarded teams, instead of new subscriptions
  • Resource groups allow you to implement role-based access control, so students can be contributors to services but not owners, and IT staff can have overall control
  • We have created a set of Role Based Access Control scripts at https://github.com/MSFTImagine/computerscience/tree/master/Scripts
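
One way to check that this model holds in practice, as an added example (not part of the scripts linked above): the Python below audits a role-assignment export for students holding Owner-type roles or subscription-wide scope, and for resource groups with no IT owner. It assumes a single-subscription export shaped like `az role assignment list --all -o json` with group display names in `principalName`; the subscription ID, group names and finding labels are made up for illustration.

```python
# Constructed sample shaped like `az role assignment list --all -o json`
# (fields principalName, roleDefinitionName, scope). All names are made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"principalName": "central-it-admins", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/cs101-lab"},
    {"principalName": "cs101-students", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/cs101-lab"},
    {"principalName": "cs202-students", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/cs202-project"},
    {"principalName": "cs101-students", "roleDefinitionName": "Contributor",
     "scope": SUB},
]
PRIVILEGED = {"Owner", "User Access Administrator"}  # roles that can grant access

def resource_group(scope):
    """Return the resource group named in an ARM scope, or None if the scope is wider."""
    parts = scope.strip("/").split("/")
    for i, part in enumerate(parts[:-1]):
        if part.lower() == "resourcegroups":
            return parts[i + 1]
    return None

def audit(assignments, students, it_staff):
    """Return (finding, principal, resource_group) tuples for one subscription."""
    findings, groups, it_owned = [], set(), set()
    it_owns_all = False
    for a in assignments:
        who, role = a["principalName"], a["roleDefinitionName"]
        rg = resource_group(a["scope"])
        if rg:
            groups.add(rg)
        if who in students:
            if role in PRIVILEGED:  # students should be contributors, not owners
                findings.append(("student-privileged-role", who, rg))
            if rg is None:  # access should stop at the resource group boundary
                findings.append(("student-wide-scope", who, None))
        if who in it_staff and role == "Owner":
            if rg is None:
                it_owns_all = True  # inherited by every resource group below
            else:
                it_owned.add(rg)
    if not it_owns_all:
        for rg in sorted(groups - it_owned):
            findings.append(("no-it-owner", None, rg))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE, {"cs101-students", "cs202-students"}, {"central-it-admins"}):
        print(f)
```
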

 

Here are some examples of how subscriptions can be associated with Azure Resource Groups, which can then be used to enforce access to Azure cloud services through Azure Role-Based Access Control: https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-built-in-roles

Azure Resource Groups

Resource groups are a new concept in the Azure Portal (https://portal.azure.com).

We think of them as "lifecycle boundaries," because when resources share a resource group, their lifecycles (from create, to update, to delete) are managed in an integrated way. Use resource groups to collect and manage all your application resources. Link resources across resource groups, share resources across lifecycle boundaries, and manage costs. View, monitor, and track your usage and billing for all the resources your application uses. New visuals show you every resource in the group, including any resources that are linked across groups.

https://docs.microsoft.com/en-gb/azure/azure-resource-manager/resource-group-portal

[Image: Azure Subscription for Admin Function]


[Image: Azure Subscription for Research Functions]

[Image: Azure Subscription for Student Labs/Resources]


In terms of structure and management, these groups can be built around the institution's Azure Active Directory or Office 365 tenant to ensure that only users in the appropriate groups and teams have access to the necessary resources.

Here is an example of the types of users and the roles they may undertake:

[Image: example user types and roles]

If you're interested in learning more about Azure subscriptions in your institution, please get in touch and we can introduce you to your institution's Microsoft account manager.