Blog Post

Educator Developer Blog
2 MIN READ

Setting up Azure subscription and resources at your institution

Lee_Stott's avatar
Lee_Stott
Icon for Microsoft rankMicrosoft
Mar 21, 2019
First published on MSDN on Mar 13, 2017

Subscriptions & Resource Groups are one of the most important aspects when looking at how to deliver/provide cloud resources to your staff/students

Here are some best practice principles around providing Azure at your institution.

1. Create new major subscriptions to hold resource groups, according to broad categories

  • Central IT
  • Unit IT
  • Research Groups
  • Students and Student Project/Courses

2. Used Role Based Access Control

  • Create new resource groups for newly on-boarded teams, instead of new subscriptions
  • Resource groups allow you to implement role based access control so students can be contributors to services but not owners and IT staff can have overall control
  • We have created a set of Role Based Access Control scripts at https://github.com/MSFTImagine/computerscience/tree/master/Scripts

Here are some example of how subscriptions can be associated to Azure Resource Groups , which then can be used to enforce access to Azure Cloud Services based on Azure Role Based access control - https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-built-in-roles

Azure Resource Groups

Resource groups are a new concept in the Azure Portal http://portal.azure.com

We think of them as "lifecycle boundaries," because when resources share a resource group, their lifecycles (from create, to update, to delete) are managed in an integrated way. Use resource groups to collect and manage all your application resources. Link resources across resource groups, share resources across lifecycle boundaries, and manage costs. View, monitor, and track your usage and billing for all the resources your application uses. New visuals show you every resource in the group, including any resources that are linked across groups.

https://docs.microsoft.com/en-gb/azure/azure-resource-manager/resource-group-portal

Azure Subscription for Admin Function

Azure Subscription for Research Functions

Azure Subscription for Student Labs/Resources

In terms of structure and management these groups can be built around the institutions Azure Active Directory or Office365 tenant to ensure only users of appropriate groups and team have access to the necessary resources.

Here is a an example of the types of users and role which they may undertake,

if your interested in learning more about Azure subscriptions in your institution please get in touch and we can introduce you to your institutions Microsoft account manager

Updated Mar 21, 2019
Version 2.0
No CommentsBe the first to comment