Here’s a summary of the key points when evaluating the scenario of adding a free trial Azure subscription under an enterprise-owned Azure Entra ID tenant:
You should keep in mind a certain hierarchy, all azure services starts from a Top-Down with an Entra ID, probably, you will want to start this Entra ID and Free Trial as an individual (member of the company) but with a target to transfer the ownership to someone with a role in the company to become the billing owner (CTO, Finance Department, etc...).
So, during the first 30 days after you've created an Azure free account, you have $200 credit in your billing currency to use on any service, except for third-party Marketplace purchases. You can experiment with different tiers and types of Azure services using the free credit to try out Azure. If you use services or Azure resources that aren’t free during that time, charges are deducted against your credit.
- If you don’t use all of your credit by the end of the first 30 days, it's lost. After the first 30 days and up to 12 months after sign-up, you can only use a limited quantity of some services—not all Azure services are free.
Within this 12 month, keep this in mind, even if the trial Azure Subscription is over, the Tenant can remain as the Enterprise production landing zone.
RBAC Roles at Azure Entra ID (Billing Responsibility)
- The Owner of the Azure Entra ID (Tenant = Environment) should be your company, not a single individual.
- The concept of Subscription is fundamental from a billing governance perspective1.
- The billing (charges, free trial credits) falls under the green shaded area1.
Azure Resource Deployment under a Trial Subscription
- What you want to accomplish (Azure Resource) falls into the blue-shaded area.
- Understand the difference between responsibility and ownership/accountability of creating resources and consuming the credits, paying for excess usage beyond the free trial credits.
Next Steps
- Verify access to resources for yourself and others.
- Grant access to resources.
- View activity logs of Azure RBAC changes.
- Assign roles using Azure RBAC.
- If the built-in roles don’t meet the specific needs of your organization, create your own Azure custom roles.
Remember, Azure role-based access control (Azure RBAC) helps manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. It provides fine-grained access management to Azure resources.Here’s a summary of the key points and next steps for adding a free trial Azure subscription under an enterprise-owned Azure Entra ID tenant:
RBAC Roles at Azure Entra ID (Billing Responsibility)
- The Owner of the Azure Entra ID (Tenant = Environment) should be your company, not a single individual.
- The concept of Subscription is fundamental from a billing governance perspective.
- The billing (charges, free trial credits) falls under the green shaded area.
Azure Resource Deployment under a Trial Subscription
- What you want to accomplish (Azure Resource) falls into the blue-shaded area.
- Understand the difference between responsibility and ownership/accountability of creating resources and consuming the credits, paying for excess usage beyond the free trial credits.
Next Steps
- Verify access to resources for yourself and others.
- Grant access to the free trial subscription.
- View activity logs of Azure RBAC changes.
- Assign roles using Azure RBAC.
Remember, Azure role-based access control (Azure RBAC) helps manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. It provides fine-grained access management to Azure resources1.
Image Source: https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
Official Reference #1: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Official Reference #2: https://learn.microsoft.com/en-us/training/modules/secure-azure-resources-with-rbac/