View
221
Download
2
Category
Preview:
Citation preview
Stores data within the United States.
Offers a roadmap for meeting rigorous compliance demands (i.e. FedRAMP, CJIS, and HIPAA) of a
government-only cloud.
Provides rich infrastructure, storage, and identity management capabilities delivered through cloud,
on-premises, and hybrid solutions.
Provides a physical and network-isolated instance of Microsoft Azure.
Provides screened U.S. citizens and policies to help protect customer data and applications.
2
Microsoft Azure Government is a government-community cloud that offers hyperscale compute, storage,
networking, and identity management services with world-class security.
Azure Government Hierarchy
Enrollment
Department A
Account A
Subscription 1 Subscription 2
Account B
Subscription 3
Department B
Account C
Subscription 4
Account D
Subscription 5
3
• Enterprise Agreement
• Invoice Level
• Service Layer
• Example:
• Subscription 1 = Dev
• Subscription 2 = Prod
• Provision within Azure Gov AAD
• Example:
• Account A = PM of Project 1
• Account B = PM of Project 2
• Optional layer in the hierarchy
• Example:
• Department A = IT
• Department B = Finance
Azure Government Portals Overview
Enterprise Portalea.azure.com
4
•
•
•
account.windowsazure.us portal.azure.us
•
•
•
•
•
•
•
•
•
• •
•
F
u
n
c
t
i
o
n
S
c
r
e
e
n
s
h
o
t
R
o
l
e
s*Note: The classic version of the Azure Management Portal is still
available at manage.windowsazure.us*
Azure Government Roles & Azure Active Directory (AAD) Associations
Enterprise Admin
5
Enterprise Portal
Department Admin
GOV
AADO365
AAD
GOV
AAD
O365
AAD
GOV
AAD
GOV
AAD
GOV
AAD
GOV
AAD
Note: Additional Role Based Authentication Control (RBAC) roles can be found here
Azure Government Account Overview
Gov
AAD
Enterprise Admin Department Admin
Can be used in all roles in all portals
Can be used only in the Enterprise Portal
6
Microsoft Account
(Live.com, Outlook.com, Hotmail.com)
Not recommended for use in Azure
Government
O365
AAD
7
Azure AAD Considerations On-Premises (Customer) In the cloud
AD on premise
(user@GovDomain.com)
user@AzureGovDomain.onmicrosoft.com
You can connect your on premise Active
Directory to either O365 Azure Active
Directory or Azure Government Azure Active
Directory.
user@O365Domain.onmicrosoft.com
Azure Gov AAD
O365 AAD
OR
Note: When adding a new account owner, the account must be within the Azure Active Directory domain within your Azure Government
environment. See the section below on Adding Users to your Azure Active Directory for details on how to create additional accounts. Also note that
the account will not become Active until that account owner logs in to the Enterprise Portal. Only active accounts can be used to create additional
subscriptions.
Common Order and Provisioning Issues
8
Issue: Submitting an order that has both Azure Government and Azure Commercial
Solution: Azure Government and Azure Commercial must always be on a separate enrollments
Issue: Submitting an order that has the reseller listed as the Online Notices Contact
Solution: When completing the order ensure that the customer is listed as the Online Notices Contact
Issue: Customers are not able to access their Azure Government instance
Solution: There are many reasons why this might happen, but the most common one is that when a customer is new to Azure
Government we need to manually provision their tenant (example: cityofphiladelphia.onmicrosoft.com). Customer
will be notified of this process in the Welcome Email.
Issue: When adding a Enterprise, Department or Account Owner the portal gives an error message “Invalid Account”.
Solution: This is caused because the setting on the Enrollment Tab for “Auth Level” isn’t set to “Work or School Account Cross
Tenant”
Issue: Adding an Enterprise Administrator that is already a Department Administrator (and vice versa).
Solution: The Department Administrator needs to be different, find a backup and make the backup be the Department
Administrator.
Issue: Cannot create an Account Owner
Solution: Ensure your Account Owners are setup within an Azure Government AAD
Enterprise Portal Overview
9
The Enterprise Portal has many functions as seen in the screen shot below. It is where you will Manage access to the following key roles. It is also where you will see Reports for
usage on the enrollment.
Manage Panel
You can move to Department, Account and Subscription level from here.
You can also create and modify Enterprise Admins, Department Admins,
Account Owners and subscriptions
Reports Panel
Shows reports that outline consumption of services in your enrollment.
The amount of details that are available to you are governed by if the
Partner has enabled the option to Show Partner Markup
Enrollment Number
This number to the left under the Windows icon is the Enterprise
Agreement number from your Azure Government enrollment
Notification Panel
Provide updates based on service updates and other communications
relating to your Azure Government instance
Help Panel
Provides self-help tutorials on a variety of topics ranging from how to
Add a new Subscription to how to enable Partner Markup
Department/Account Setup Methodology
11
Choosing the right set up methodology for your organization is an important first step in setting up your enrollment. How you set up your Departments/Accounts and
Subscriptions will impact how they are administered and how they are reflected on your enterprise level reports. This is now done by adding the account with the Name you
want then creating a Department and associating the account with the Department
Manage - Enrollment Panel OverviewWhen you login to the EA Portal you begin in an Enrollment view for enrollment level details. Here your main tasks are to add others in administrative roles and change any
desired enrollment level settings.
You begin at the enrollment level.
The focus will be highlighted in blue
You can move to Department,
Account and Subscription levelYou can see and add
Enterprise Admins
Hovering over the
headshot icon will allow
you to see your login
credentials and sign out
You can add a
notification
contact here
You can
move to
reporting,
notifications
and Help
views on the
left hand
navigation
panel
Related
accounts is
the same as
the account
view on topPlease note that this Support link will direct you to
Commercial Support. Please submit support requests
directly within the Azure Portal (portal.azure.us)
Feedback can be provided
through the comment icon
12If DA view charges is enabled then Department Admins will be able to see usage.
If AO view charges is enabled then Account Owner will be able to see usage.
Enabling
Marketplace
will give you
access to the
Azure
Government
Marketplace
Add/Edit Enterprise Admins & Notification Contacts
Clicking on the Add buttons will bring slide
outs in from the right side of the screen.
Fill in the action box with appropriate detailsTo focus on a specific Enterprise Admin hover over it. An edit pen and delete icon will appear. Selecting
edit will open a screen to update notifications and selecting the x will open a screen to delete the admin
13
When creating a new Enterprise Admin ensure Auth Level is set to:
“Work or School Account Cross Tenant”
Notification Contacts can added to provide billing/usage
information to identities outside of Azure Government
Read-only role flag for those who can see usage but cannot add/edit roles
Manage - Department Panel OverviewThe Department focus allows you to operate at the department level. The default iconic view uses color to show active departments in green and inactive departments in orange.
If you prefer a list view you can toggle to that view. Clicking on a department brings you to the detail view where you can edit department details
Clicking on the edit pen
opens additional details
Related accounts
will now show
accounts with
the department
focus set
14
Clicking on the
Department will
open a Details
view where you
can view and
edit details
You can add Departments here. Clicking on add will bring a slide out from the
right hand side of the screen with an action box to fill in details.
Default view uses Icons. You
can toggle to a list view here
Filter to show
only active
status items
You can add
Department
Admins here.
Clicking on add
will bring a
slide out from
the right hand
side of the
screen with an
action box to
fill in details.
Manage - Account Panel OverviewThe Account Panel is where you do all things related to Accounts. To manage account details hover over the account until it is highlighted then select from the icons on the right
Status:
Active - if account owner has logged in.
Pending - if account owner has not logged in.
Inactive - if the account owner has been deleted
Auth Type: Shows the
Authentication method required
for each account
Start Date is the date the account owner first
logged in.
End Date is the end of EA contract period
Department is
Unassigned until
set by Enterprise or
Department Admin
15
You can select accounts
across all departments or
filter by department
Filter to remove deleted
accounts from view.
Once deleted they show
as Inactive but remain for
historic billing info. They
can be re-added as well
View My Account opens
the Account Detail screen
where you can edit your
account name for
example
You can see and define Cost Center
at the Department, Account and
Subscription Level
Important information prior to adding Account Owners
16
• The first time you login to the EA Portal as an Account Owner
you will see this warning. It is important to read and
understand because any existing subscriptions that are owned
by this Account Owner are about to be converted and benefits
could be lost
• A Trial Account that is added to an enrollment will lose their
individual monthly Azure credit
• A Sponsored Account that is added to an enrollment will lose
their individual monthly Azure credit
• Azure Commercial Account Owners cannot use the same
identity for Azure Government
Manage Accounts Panel – Add Account OwnersThe Account Panel is where you do all things related to Accounts. To manage account details hover over the account until it is highlighted then select from the icons on the right.
Note: When adding a new account owner, the account must be within the Azure Active Directory domain within your Azure Government environment. See the section below on
Adding Users to your Azure Active Directory for details on how to create additional accounts. Also note that the account will not become Active until that account owner logs in to
the Enterprise Portal. Only active accounts can be used to create additional subscriptions.
17
You can add Accounts here.
Clicking on add will bring a slide
out from the right hand side of
the screen with an action box to
fill in details.
Create or Associate an Account Owner
18
You may create a new Account Owner or associate an existing Account Owner to your enrollment.
Create a New Account – Enter the identity of a new user that you want to be able to create
subscriptions in both the “Email Address” and the “Confirm Email Address” sections. (Please note that
the user must have first been created in the Azure Government Active Directory. For details on how to
do this see the slides below that highlights “Adding Users in Azure Active Directory”)
Associate an Account Owner to an enrollment (common when coming from a Trial of Sponsorship) -
enter the Account Owner email address that you want to associate from a Trial or Sponsorship in the
“Email Address” and the “Confirm Email Address” sections.
Creating a new Account Owner or associating an existing Account Owner requires confirmation of
account ownership. In order to confirm ownership the new Account Owner must sign into the
Enterprise Portal
IMPORTANT NOTICE: The association of an Account and its subscriptions happens on the day the
Account Owner signs into the enterprise portal and thereby confirms association of the account owner
email address. Existing subscriptions transferred to an Enterprise Enrollment will be immediately
transitioned to billing on the Enterprise Enrollment on that day. The Account owner is responsible for
paying any outstanding charges on the payment instrument prior to the association date.
All usage on transferred accounts will be billed based on terms of the Enterprise Enrollment.
Subscriptions that were using a different offer type for payment like Pay As You Go on a credit card will
be converted to Enterprise Offers. The automated process will rename the subscription appending the
words (converted to EA) to the end of the subscription name so that you know it has made that
transition. If an account has subscriptions with special pricing (including no charge services), once
transferred, the account will begin incurring costs based on the terms of the Azure Amendment to the
Enterprise Enrollment
Manage Accounts Panel – Edit Account OwnersSelecting the edit icon brings a pop over where you can change the account name, associate the account with a specific department and set a Cost Center
Hovering over the account reveals
the Action Icons. Options are Edit
Account, Delete Account, Change
Account Owner and Transfer
Subscriptions
19
Clicking on the edit pen opens
this overlaid view.
Manage Accounts Panel – Change Account OwnerThis process will allow you to transfer subscriptions from one account owner to another
20
Clicking on this icon begins the
process of the changing the
Account Owner
The Selection box will highlight
eligible transfer candidates in dark
bold text.
Candidates are made eligible by
being active and having created at
least one subscription.
Please note limitations.
Status will appear at the top of the
window after submission. Transfers
are not instant. If the transfer has
not completed in an hour please
contact support.
Manage Accounts Panel – Transfer SubscriptionsTransfer individual subscriptions from one account owner to another. So if Account A has three subscriptions the Enterprise Admin could transfer one to Account B, one to
Account C and one to Account D.
21
Clicking on this icon begins the
process of the changing the
Account Owner
The Selection box will
show a subscription
list to select from.
Select the target
from the bold dark
eligible destination
accounts.
Continue on to
transfer the
subscription in the
final window.
Status will appear at
the top of the panel.
Manage Accounts Panel – Transfer SubscriptionsWhether doing an ownership change (transferring all subscriptions) or individual subscription transfers, to see the transfer status you will have to first deselect the Active filter to
show subscriptions in non-active statuses. You will also notice that the subscription is in Active Transferring status until the transfer is completed.
22
Remove the check
next to the Active box
Subscription Setup Methodology
23
Creating different subscriptions for each environment (e.g. Production and
Dev/Test) within your applications and assigning a different Service Administrator
and Co-Administrators to each subscription can be used to help control access to
development projects and environments within your organization.
An Account Owner can have one or multiple subscriptions.
Example: Joe has two subscriptions and John has one
Only the Account Owner has the ability to create a subscription. Subscriptions may have any combination of services associated to them.
Manage - Subscriptions Panel OverviewThis view allows you to view or refresh all subscriptions available to you and if you are an account owner add new subscriptions.
Only an Account Owner will
have an add subscription link
Setting a Cost Center
value at the
subscription level can
only be done after
the subscription is
created. To do so,
hover over the
subscription to reveal
the edit icon and
then click on it.
Within the popover
box you can set or
edit the subscription
level Cost Center
24
Clicking on View
Managed
Subscriptions will
allow you to see all
the subscriptions that
you have access
Unchecking this box will show all
inactive subscriptionsFilter by Department and Account
Add a New Subscription
25
When you add a new subscription to your
enrollment from the enterprise portal, you will
be defaulted to the US Government Azure
Enterprise Offer.
When you add an additional subscription you
will need to check the box denoting “This
subscription is governed by your Enterprise
Agreement” then click on Purchase.
Each new subscription will default to the name
US Government Azure Enterprise Offer. It is
best practice to rename to something unique
after it is created so you can identify each
subscription. This renaming is done via the
Account Portal (Please see slide in this deck
titled “Edit Subscription Details”)
Add a New Subscription
26
Subscription creation is completed through the Account Portal and
can take a few minutes.
When it is ready you will see a link to take you to the Management
Portal. You will need to come back to the Account Portal to
customize the subscription name.
Edit Subscription Details
27
Select the desired subscription from the Subscriptions List.
You can edit both the subscription name and Service
Administrator.
• Subscription name should be representative of the
subscription and differentiate it from other subscriptions.
• The Account Owner will be the default Service Administrator
on new subscriptions. Any other identity from within your
Azure Gov AAD tenant can be set as the Service
Administrator.
Next, select Edit Subscription Details from the right hand
navigation menu.
Reports – Two Key Usage ReportsThese reports will show consumption of services in your enrollment. The amount of details that are available to you varies based on if partner markup is show
29
Usage Summary
Report
This report will only
show if your
Partner has
enabled show
Partner Markup for
your enrollment. It
will show
consumption by
unit as well as
usage charges ($).
Service Usage Report
This report shows consumption by unit but it
does not include actual usage charges ($). If you
would like to see usage charges ($) then you will
need to reach out to your Partner and request
that they publish markup for your Azure
Government enrollment.
Reports – Published Markup PricingThe reports you will see depends on whether your partner is using the Publish Markup feature available to them. You will be able to tell if you Partner is the using the markup
feature by the absence or presence of the Price Sheet and Usage Summary menu items
30
The presence of
these two items
denote that your
Partner has
published
markup pricing
for your
enrollment
Reports – Usage Summary – Monthly ViewThis default monthly view is where you can see a historic graph with the current month or selected month’s data highlighted on the right. If you scroll down you will get a monthly
detail where you can filter by Department, Account and Subscription
Your view focus will be highlighted
in blue. M is the Monthly view and Q is the
Quarterly view. Click to toggle
Charges are
summarized on
the side and color
coded. Green is
spend against a
monetary
commitment, Red
is Overage,
Yellow is charges
billed separately
by invoice.
Graphical summary
shows Monetary
Commitment as a
blue line. Hovering
at the data point
shows the amount
month by month
31
Hover over the month you want to
focus on for details
You can edit the PO number when you
receive an overage notification
Note: To learn more about pricing, billing
and metering, click here.
Service – Each of the Microsoft Azure
services that have been utilized by one or
more subscriptions during the calendar
month
Consumed Units – The amount of service
consumed (hours, GB, etc.), during the
selected month
Unit of Measure – The Unit of Measure
used to calculate charges each month
Unit Price – The commitment pricing per
unit used to calculate monthly charges
Usage Charge – The amount of money
applied against your monetary
commitment
Included Units – The Units consumed that
are included at no cost
Charged Units – The Units consumed that
are billable
Reports – Usage Detail – Monthly View
Scrolling down will show usage and charges by categories in
color coded and labelled sections for: charges against monetary
commitment, charges in overage, charges billed separately
32
Reports – Usage Summary – Quarterly ViewThis quarterly view shows the contract year broken down in quarters with the current quarter highlighted. There is a monthly summary for each quarter and if you scroll down you
will get a monthly detail where you can filter by Department, Account and Subscription
Current quarter highlighted. Click
on other quarters to change the
focus to that quarter
Beginning Balance,
New Purchases,
and Adjustments
show pre-paid
balance. Utilized
shows spend
against that
balance. Service
Overage and
Charges Billed
Separately show
amount billed back
in arrears by
invoice.
Please note that
Charges Billed
Separately are
invoiced separately
and not against the
monetary
commitment balance.
They are billed back
quarterly in arrears.
33
Reports – Usage Summary – Filtered UsageScrolling down show the service usage details and cost by service type and allows you to filter by Service Type, Department, Account and Subscription
34
Two views Charge by Service and Charge by Hierarchy:
Charge by Service is Azure Services, Services Billed Separately,
Charge by Hierarchy is Department, Account and Subscription Level
Your view focus will be
highlighted in blue
Reports – Usage Summary – Filtered UsageScrolling down show the service usage details and cost by service type and allows you to filter by Service Type, Department, Account and Subscription
I have chosen Charge by Hierarchy then the “EcoSystemTest”
Department, then the “Admin@ffsubtestna.onmicrosoft.com”
account, then the “MS-AZR-USGOV-0017P” subscription
Clicking on the Department, Account or Subscription
Name expands the panel for that view.
35
Reports – Download UsageThis is where you can see details in a spreadsheet that provide the lowest level details down to individual virtual machines and storage accounts. The Monthly Usage Detail reports
are pre-pulled with historic month usage and current month to date usage. Enterprise Administrators have the ability to download all account and subscription daily, SKU-level
usage data associated with the Enrollment. Account Owners have the ability to download usage data from subscriptions associated with their account and can only view cost data
if it is enabled by the Enterprise Administrator.
Balance and Charge: shows the usage
summary view of month beginning balance
and charges against that balance
Usage Detail: shows the monthly view of
the detailed daily usage for all accounts and
subscriptions
Price Sheet: shows
historic service prices
36
Reports – Download UsageThis is where you can see details in a spreadsheet that provide the lowest level details down to individual virtual machines and storage accounts for a custom set of accounts and a
custom date range. You can also use the API to pull data programmatically
Selecting the API Access Key focus opens this view, where
you can generate, regenerate, delete and copy API keys
This is the Advanced Report where you can choose a date
range and account set for a custom report
You will be
prompted to
confirm your
actions for
API key
actions when
you click on
the icons
37
Reports – Service Usage ReportWith no Published Markup the only data you will have in the EA portal is usage data. The Download Usage will provide usage at the detailed service level and the Service Usage
Report will provide a month by month usage summary which just indicates relative usage of services at the published unit of measure.
38
Reports – Price SheetThis is where you can see your negotiated prices for each service. Note this list includes all services not just Azure Gov services
Your view focus will be
highlighted in blue.
New in this UI is the ability to
download the price sheet in an
excel spreadsheet
Commitment prices are prices
negotiated against a pre-paid
monetary commitment balance
Overage prices are those in excess
of a monetary commitment
therefore billed back in arrears
Clicking on the
Information
icon will show
the baseline
negotiated rate
and the current
rate. Customers
get the better of
the two rates.
39
To Filter on Azure Gov specific
services. Click on Search and then
type in “GOV”
Reports – Power BI ReportingNote: You must
have a valid Work
or School
Account with
authentication in
Azure Active
Directory (AAD) in
order to use
Power BI.
40
Reports – Power BI Reporting
Default Dashboard:
Customize and drill down by
clicking.
Default Reports: Customize
and drill down by clicking.
Datasets: Update
automatically or can be
refreshed on demand and you
can build your own
Dashboards and Reports from
the dataset.
41
Overage and Quota Threshold Notifications
42
Indirect Enterprise Administrators are automatically enrolled to receive weekly notifications of their total enrollment usage. Emails are also sent to notify customers that their
coverage period date is approaching, enrollment will be disabled and de-provisioned.
Monetary Commitment Balance &
Unbilled Usage:
• The emails provide a usage
summary only. If the partner has
published a markup cost
information is available in Usage
Summary and Download Usage
reports.
• Each Enterprise Administrator has
the ability to change the frequency
of the notification to daily, weekly,
monthly or turn them off
completely.
• A Notification Contact can be
added to receive notifications on
the same frequency or can be set
up independently on their own
schedule
• To modify notification settings:
hover over the admin account and
then select the edit pen on the
right, a popover will appear with
notification settings
Lifecycle Email Notifications
44
Enterprise Administrators are automatically enrolled to receive weekly notifications of their remaining monetary commitment balance and any unbilled usage. Emails are also sent
to notify customers that their coverage period date is approaching, enrollment will be Disabled and De-provisioned.
Lifecycle Email Notifications:
• Coverage Period End Date
Approaching Emails are sent to
Enterprise Administrator 60, 30,
7 day prior to the Azure
Amendment Coverage Period
End Date
• Disable and De-provision Date
Approaching: Inform the
Enterprise Administrators on an
enrollment that the coverage
period end date has past by
more than 10 months and that
their Accounts and
Subscriptions will be disabled
after the coverage period end
date has been exceeded by one
full year. Email is sent 60, 30,
15, 7 and 1 days prior to end of
grace period.
New Portal Classic Portal
http://portal.azure.us
http://manage.windowsazure.us
Resource Manager
Azure Portal vs. Classic Management Portal
46
Azure Management PortalAzure Management Portal OverviewIf you only have a single subscription you can begin deploying by selecting the + NEW button left of the page then selecting the service type you want to configure. If you have
more than one subscription first select the subscription. Panels expand from left to right and get overlaid as you go deeper down the configuration path.
47
Azure Management PortalAny users designated as Global Administrator, including the first user created, can add a user to the Azure Government Active Directory tenant. This step is required before that
user can be added as an Account Owner or Service Admin.
48
Adding Users into the Azure Government AAD
Click on Azure Active Directory If this
option is not one of the default options
click on More Services
Click on Add a user Create the new user
Name:
First and Last Name
User Name: This will need
to be an identity on your
Azure Government tenant
Directory Role:
This is where you will
choose the type of role
that the new user will have
Password: After clicking
on the “Show Password”
box the customer will be
able to see the password
for the new identity
Lastly, click Create
49Adding an Ownership Role to a subscription
First we highly recommend that you gain an understanding of Role Based Access which is an important concept to Azure Subscriptions. To add a co-administrator or ownership
role to a subscription, click on the double head and shoulders icon in the individual subscription panel, then the add button, then select the owner role and the select or search for
the personal Microsoft account or Work or School account you want to add. They must be valid and discoverable before they can be added
49
The Owner role only operates on the Azure Government Portal
Their role includes the ability to:
1) Provision/de-provision azure services within the subscription
2) Manage the other roles within the subscription
3) Open support tickets for issues within the subscription
They do not get any email notification when they are added to a role but they can now access the subscription at
portal.azure.us
Azure Management PortalWe now provide EA service cost estimates based on your EA negotiated service rates for Direct Enrollments and Indirect Enrollments with a published markup, in roles that are
enabled to see costs. In the past what appeared here were List prices.
50
EA Prices in Azure Management Portal
To validate that we are seeing EA
costs for DS1 VM, an image of the
EA Price Sheet is provided, showing
a price of $14.34/100 hours or .1434
per hour times 744 hours (31 days
times 24 hours per day) which
equals approximately $106.69 per
month.
Azure Service Level Help51
Azure Service Level HelpUse the Documentation Icon to go to www.azure.com where there are searchable articles, videos and other helps for understanding and configuring Azure services.
To see documentation about configuring an
azure service or to get support click on the help
and support icon in the upper right corner, the
question mark inside a circle. It will open a Help
and Support Panel pre-populated.
51
Opening a Support RequestChoose the New Support Request Icon or menu item and fill out the needed information in panels. Below is an example of requesting a quota increase for more cores within a
subscription.
At the end you must click on the create button and when
successful you will also get the support ticket number for
your reference. Note: for technical support you must have a
technical support contract in place. If you do not, for EA
customers it is ordered as a line item SKU on a Purchase
Order. See our slide on Support Plan Tiers.
52
Management Portal Overview
54
Full Service Listing
Name is a field that you can
customize when creating the service
Clicking Subscriptions will show you
the full list of subscriptions that you
have access to modify
manage.windowsazure.us/
Type is denotes the type of service
Status denotes if the service is
actively running or online
Subscription shows the subscription
in which the service currently resides
Location shows which data center
the service is currently hosted at
Click New to start
a new service
This help section will help you
get started with creation,
deployment and configuration
of your services
Add additional users to Azure Active DirectoryAny users designated as Global Administrator, including the first user created, can add a user to the Azure Government Active Directory tenant. This step is required before that
user can be added as an Enterprise Administrator, Account Owner, or Service Admin.
From the left hand side of the portal, select Active Directory
and then select the SubDomainName to be administered.
This provides several management functions for the Azure
Active Directory (AAD) including user management.
From the Users tab, the Global Admin can Add Users, Reset
Passwords, and Delete Users using the buttons on the bottom
of the screen and/or by interacting directly with the user list.
55
Add additional users to Azure Active DirectoryThe portal will step through a series of windows to create the user. Note that the Role of Global Admin provides access to administer the AAD tenant.
The temporary credentials
for the new user can be
sent directly to the user
via plan-text email or are
provided directly to the
admin for distribution as
desired.
NOTE: If you choose to
send the credentials to the
user via the email
function, the email will
contain a link to the
incorrect management
portal. Please be sure your
users use
ttps://manage.windowsaz
ure.us to access the Azure
Gov portal.
56
Adding a co-administrator to a subscription
57
The Co-Admin only operates on the Management Portal
This role includes the ability to:
1) Provision/de-provision azure services within the
subscription
2) Manage the list of co-administrators
They do not receive any email notification when they are
added as a co-admin
Click on Manage administrators
Click on Subscriptions
Adding a co-administrator to a subscription
58
Choose an identity that
you would like to add as
a co-admin then click
on the Edit icon
Click on a subscription that you want the user to have access to as
a co-admin and then click on the checkmark at the bottom right
59
Our Tiered Support Offerings
Find details on our support offerings page:
https://azure.microsoft.com/en-us/support/plans/government/
Support can be purchased through your channel partner.
59
Microsoft Azure Government Support Plans
Summary of User ManagementAdd an identity to your Gov Azure Active Directory (AAD) tenant:
Login to the Management Portal using the credentials provided
Select Active Directory from the tabs on the left navigation
Click on the arrow next to your domain name
Click on Users tab on the upper navigation
Click Add User on the bottom of the screen
Fill out the various fields, clicking next to walk through the process noting the selection of User Role based on the description in the Onboarding Guide
Click Create to create the account and generate a temporary password (note that if you allow the portal to send the credentials directly to a user that the
email will include a link to the commercial management portal by mistake)
Grant an identity for access to the Management Portal and/or Subscriptions:
Login to the Management Portal using the credentials provided
Select Settings from the tabs on the left navigation
Click on Administrators from the upper navigation
Click Add on the bottom of the screen
Enter the identity you would like to add as a Co-Admin and select the subscription(s) to which to add them noting that the identity must first exist in the AAD
tenant per the first set of instructions
Grant an identity for access to the Enterprise Portal:
Login to the Enterprise Portal using the credentials provided
Select Manage from the left navigation and then select the Enrollment panel
Click on Add Administrator
Enter the identity to be added and select the role (Enterprise Admin or Department Admin) noting that the Enrollment Authentication Level should be set to
Work or School Account Cross Tenant.
Add an account to the Enterprise Portal:
Login to the Enterprise Portal using the credentials provided
Select Manage from the left navigation and then select the Account panel
Click on Add Account
Enter the identity to be added noting that the identity must first exist in the AAD tenant per the first set of instructions
Using In-Private browsing in IE or similar functionality in another browser, login to the Enterprise Portal again using the identity just added as an Account
If this identity was also added as an Enterprise or Department Admin, then click on the account name from the list to Activate the account
60
Microsoft Azure Services and Support ResourcesSupport
Microsoft Azure Government Support – Please submit a request directly in the Azure Portal (azure.portal.us)
Helpful Links
Microsoft Azure Enterprise Portal – To view your enterprise level accounts, subscriptions, monetary commitment and overage balances and to create accounts https://ea.azure.com
Microsoft Azure Account Portal – To create additional subscriptions and rename existing subscriptions https://account.windowsazure.us/
Microsoft Azure Management Portal – To deploy and host your applications once you have created a subscription on the Microsoft Azure Enterprise Portal https://manage.windowsazure.us
Service Dashboard – Current status on the health of Microsoft Azure Services can be viewed at the service dashboard at http://azure.microsoft.com/support/service-dashboard/If you wish to receive notifications for interruptions to any of the services, you can subscribe to the respective RSS feeds from that page
Service Level Agreements – To view service level agreements associated with Microsoft Azure services, go to the SLA homepage at http://azure.microsoft.com/support/legal/sla/
Services Deployed in Azure Gov – To view services that have been deployed into the Azure Gov environment, go to the Azure Regions page at http://azure.microsoft.com/regions/#services
© 2016 Microsoft Corporation. All rights reserved. Microsoft, Microsoft Azure, Microsoft Azure logo, Windows Live, and SQL Azure are trademarks of the Microsoft group of companies. All
other trademarks are property of their respective owners. Microsoft makes no warranties, express or implied. You may copy and use this document for your internal, reference purposes only. 61
Appendix for Managed Service Provider (MSP) Enrollments
Partner with
Microsoft sales teams
to develop a go-to-
market strategy
Build a high-quality
relationship with the
end customer
Resell discounts on
Azure Government
and Azure
commercial services
Qualify for additional
sales and service
incentive offers
Access Microsoft
Business Investment
Funds (BIF)
Now that you are part of the Microsoft MSP program, you can open your business to new customer
paths, services, and revenue lines, create a more direct path to government agencies, increase your
overall efficiency, and offer faster delivery of services. Benefits of the program include the following:
62
MSP - Manage Departments PanelThe Department focus allows you to operate at the department level. The new default iconic view uses color to show active departments in green and inactive departments in
orange. If you prefer a list view you can toggle to that view.
Your view focus will be
highlighted in blue
Default view uses
Icons. You can toggle
to a list view here
You can add
Departments
and
Department
Admins here.
Clicking on
add will
bring a slide
out from the
right hand
side of the
screen with
an action
box to fill in
details.
Clicking on the
Department
will open a
Details view
where you can
view and edit
details
Filter to show
only active
status items
MSP Departments are
identified with the
MSP badge
63
MSP - Add DepartmentAs an MSP enrollment when you add a department there is additional information needed for each department you define as an MSP department
When you click the add department button and
select yes for MSP the information items will
below it will appear.
***If you do not see the MSP option, then you will
need to fill in a Support Request
(http://aka.ms/azuregovsupport) to setup your
tenant as an MSP***
Although all
other fields
are optional
there may be
important
fields for
your use in
managing
MSP
departments
Contact Information has required fields with are noted with an *
It is important that the Company Name and Address are
recognizable by Microsoft for internal reporting purposes
64
Recommended