Users and MSDN Azure Benefits Q&A

  • Article

I’m starting to field a whole bunch of really good questions about using MSDN Azure benefits, and particularly for teams of users, so I thought I’d put together this post that answers some of those questions.

Co-managing an Azure Account

Azure provides the ability to add “co-administrators” to a particular account. A co-administrator does not “own” the account, per se, but has the ability to provision azure services, just as the core administrator does.

In addition, customers can use this method to add multiple users to a single Azure subscription as co-administrators (whether that subscription is MSDN based or not)

To add another user as a co-administrator to an existing account:

1) Log into the Azure Management portal (https://manage.windowsazure.com) using your Microsoft ID

2) Click Subscriptions on the top menu, and then select Manage Administrators

image

3) Enter the MicrosoftID of the new co-administrator, and select the subscriptions you want them to be able to administer:

image

4) Once completed, the user will have the ability to select that subscription to manage, by checking it off under the subscriptions drop-down:

image

5) When creating new items, the user will have the option to specify which subscription the item should be created with, in the various “New” dialogs.

 

Using a “Generic” Microsoft ID to access Azure Benefits

Technically, there is no reason that a “generic” Microsoft ID will not allow any user that has it to access the management capabilities permitted to that ID. Again, this does not address any licensing related issues.

Accessing Resources provisioned from another user

There are many ways users can gain direct access to azure resources without using the management UI. Here’s some information that might be helpful:

  • Cross Account Resources
    • Many azure features cannot use resources that span different account when being created. While UI limits here may change in the future (see the Azure web site for info), at current, you cannot, for example, create an Azure VM on one account and have it stored in the storage account of another user.

 

  • Virtual Machines
    • Virtual machines can be accessed over the web using remote tools such as Remote Desktop and Powershell. This allows any user (notwithstanding licensing constraints) to access an Azure virtual machine for interactive use, management, etc.

 

  • Storage
    • Azure storage resources can be accessed directly via URL, and in some cases with the appropriate management keys, which can be obtained through the management UI.
    • storage objects can be accessed directly through various tools, such as third party tools and the Azure Powershell, but still need to have the account details set up
    • There are tools to copy/move and otherwise manipulate storage objects without using the management UI, but in almost all cases, you’ll need to have the right access keys