Enterprise Enrollment Onboarding-Overview of Roles on Azure Portal
This article explains the common tasks that an administrator accomplishes in the Azure EA portal (https://ea.azure.com). The Azure EA portal is an online management portal that helps customers manage the cost of their Azure EA services. For introductory information about the Azure EA portal.
This article is also very important for those who (Engineers, Architect, Managers, Administrator, customers etc) don’t have access to the Customer EA Portal and want to learn and do some common tasks on EA Portal.
- Overview of Roles on Microsoft Azure Portals.
- Activation of the Microsoft Azure Enterprise Portal.
- Adding Departments, Accounts, Subscriptions, and Azure Services.
- Overview of Reporting and Notification.
1. Overview of Roles on Microsoft Azure Portals.
To administrator your Microsoft Azure Services under Enrollment, there are four distinct administrative roles:
- Enterprise Administrator
- Department Administrator
- Account Owner
- Service Administrator
Users are required to authenticate using a valid Microsoft Account (LiveID http://signup.live.com) or Work or School Account ( Azure-based Active Directory). If possible please ensure the ID entered is associated with a monitored mailbox as Enrollment and account notifications will be sent to this mailbox.
- The roles complete tasks on two different Microsoft Azure portals. The Enterprise Portals (ea.azure.com) and the Azure Portal (portal.azure.com)
Enterprise Portal:
Enterprise Administrator: The Enterprises Administrator can add other Enterprise and Department Administrators, add Departments, Add or Associate Accounts to the Enrollment, can view usages and charges data across all accounts and Subscriptions, can view the monetary commitment balance associated with the Enrollment. There is also a read-only role that can view and read but not change or edit within the EA Portal.
Department Administrator: The Department Administrator can edit their department name and cost centre, manage department admins, and accounts to the enrollment and their departments, remove accounts from their departments and view Departments charges if enabled by the Enterprise Admin.
Enterprise Portal:
Account owner: The Account Owner can add Subscriptions for their Account, update the Service Administrator and Subscriptions roles for their Subscriptions, view usage data for their Account, and view Account charges if enabled by the Enterprise Administrator. The Account Owner will not have visibility of the monetary commitment balance unless they also have Enterprise Administrator rights.
Service Administrator: The Service Administrator and up to 199 Co-Owners per Subscription can access and manage Subscriptions and services within them in the Azure Portal. The Service Administrator does not have access to the Enterprise Portal unless they are also one of the other two roles. Subscription roles can be set using Role-Based Access with roles defined in Azure Active Directory.
2. Activation of the Microsoft Azure Enterprise Portal.
Ideally, before logging into the Enterprise Portal, the Enterprise Administrator should identify the accounts of the individuals they want to fill these roles:
To activate your service, the initial Enterprise Administrator should go to https://ea.azure.com and log in using the email address listed in the invitation email that was sent.
NOTE: If the Enterprise Admin email is listed as a Microsoft Account and you have not created a Microsoft Account associated with the email address from which you received the invitation, you will need to do so before signing on by going to https://signup.live.com and utilizing this email address when creating a Microsoft Account.
Types of Authentication Credentials
Log In and Activate Your Online Services
Step-1: Log onto the Microsoft Azure Enterprise Portal by clicking on the Link provided in he invitation email or by going to https://ea.azure.com
Step-2: On the Enterprise Portal landing page, select Authentication Mode, click the Sign in button.
Step-3: Activate the online service by entering account email address and password of the initial Enterprise Administrator in the appropriate fields.
Step-4: Click the Sign in button
Step-5: Begin administering your Microsoft Azure Services
Note: For a Personal Microsoft Account it is a password you have created. For a work or School Account you must have a cloud-based Azure Active Directory and the password is provided by your Organization.
Best Practice is to clear browser cache and use in-private browsing to avoid cashed credentials which can manifest as login problems.
Log in and Activate Your Online Services
If you have more than one enrollment you will have to choose from among them. Also by default only active enrollments are shown. To see historic enrollments deselect the Active box at the top right. Enrollment 100 below for example is now in a transferred status because we migrated from it to 8608480.
3. Adding Departments, Accounts, Subscriptions, and Azure Services.
Manage Enrollment Panel
When you log in to the EA Portal you begin in an Enrollment view for enrollment level details. Here your main tasks are to add others in administrative roles and change any desired enrollment level settings.
Adding/Editing Enterprise Admins and Notification Contacts
Department/Account Setup Methodology
Department were created to help segment costs into logical groupings and then set a budget or quota at the department level. They are added for EA customers Before Azure Resource Manager was available and before Management Groups, Resource Groups and Service Tags were available. if you are starting new with Azure or organizing for modern Azure we would recommend you use Management Groups, Resource Groups and Service Tags to define your hierarchy and enable budgeting and cross charging. Azure cost management in the azure Portal now provides subscription level budgeting tied to action groups so you can take an actions when a threshold is exceeded.
Manage Departments Panel
Department focus allows you to operate at the department level. The new default iconic view uses colour to show active departments in green and inactive departments in orange. If you prefer a list view you can toggle to that view. A department name can only be used once and once deleted remains in an inactive status for historic billing reasons. To re-use a department edit and the name instead of deleting it.
Mange Department Details
Clicking on a department brings you to the detail view where you can edit department details.
The Department Administrator Role
Department Administrator
The Department Administrator has ability to do the following:
- Create Department Administrator (Department focus click on add administrator)
- View/Edit Department properties such as name or Cost Center (Department focus click on edit pen icon)
- Create a new Account Owner on the Department they administer (Switch to Account focus click on add account)
- Remove the associated Accounts from the Department they administer (In Account focus hover over the account and then select the x icon to delete)
- Download usage details of the Department they administer (Switch to Reports panel on left Select Download Usage focus)
- View the monthly Usage and Charges associated with their Department if Enterprise Administrator has granted permission to do so. (Switch to Reports panel on left Select Usage Summary focus)
Manage Accounts Panel
Account Panel us where you do all things related to accounts
Create or Associate an Account
You may create a new account or associate an existing Account with your enrollment. To Associate, an existing Account enters the Account Owner email address associated with your existing account.
To create a new account, enter an Account Owner email address that is not associated with an existing account. Creating a new Account or associating an existing Account requires confirmation of account ownership.
The owner of the email address provided in the above step will receive a notification that they have been invited to activate their account in the Enrollment.
- Confirm Account Ownership by signing in to the Enterprise Portal with the Account Owner email address provided. Receipt of an email notification is not required for login. Account Owners can log in by going to https://ea.azure.com.
Manage Accounts Panel — Edit Account
Selecting the edit icon bring a pop over where you can change the accounts name, associate the account with specific department, enable the creation of EA Dev/Test subscription offers and set a Cost Center.
To be continue to with next article …..Don't miss the second part
Thank You.