Maybe you’ve heard of Microsoft Azure, maybe you haven’t.   In today’s article, I’m going to walk you through the process of wiring up your Azure subscription to work with your Office 365 Organization accounts as well as Live ID.  To understand what we’re doing here, let’s do a little refresher. 

What is this Azure Thing?

Microsoft Azure is a cloud computing platform for hosting various services including, websites, virtual networks and machines, to highly available SQL database services.  You’re billed by month which varies by the type of the service (server hardware, drive size, VM size level, etc).  You can find out more on the various services and relevant pricing along with a handy calculator on the pricing page.  Credits for Microsoft Azure also comes as a benefit to Microsoft competency partners or users with an MSDN subscription.  So that explains Azure, but what’s the difference between an organization account and Live ID?

Accounts – Organization vs. Live ID

When you login to any Microsoft service (Office 365, Azure, Xbox Live, Xbox Music, Outlook.com, OneNote.com, Windows Phone, Sway, etc.), you are using one of two account types:

• Live ID (now called a Microsoft Account)
• Organization account

Not all Microsoft services allow you to login from both, but if so you will typically see a login prompt first just for your email address so Microsoft can determine what type of account your email address belongs to:

After you type your email address, if it finds a match for both types you choose which type you want to login with:

What’s the difference?  The difference is which services they are used for which is loosely indicated by the description in the above screenshot.  A Microsoft account is for personal / consumer services like OneNote and Office online, OneDrive, etc.  It is denoted by the Microsoft 4 color flag icon.  Way back when this used to be the account for Hotmail, and was also called Passport which has all evolved now into a Microsoft account. 

On the other hand, an Organization account (called Work or school account above) is for business / company focused services.  This is typically only Office 365 or Azure. If you are a business user, your company provides you with a user account to login to a computer and access company resources.  An organization account is like a Microsoft-hosted business account that is attached to a subscription service your company pays for.

Ok So What?

Well in Azure, once you sign up with one of the types of accounts, you will typically want to add other users for access.  However, the problem is that Azure by default only lets you add users of the same type as the one you signed up with.  So if you signed up with a Microsoft account, you can only add other Microsoft accounts.  If you try to add an organization account, you will be disappointed with a no user found :(.  If you signed up as an organization account, you can only add other organization accounts but not any Microsoft accounts. 

In my scenario for example, I activated my subscription for Azure via my MSDN subscription which uses a Microsoft account (you can’t use an Org account).  Now that I’m in, I want to add my main user account I use all day which is an Organization account so I don’t have to manage multiple accounts.  This is possible, it just requires a few changes in your Azure subscription.

Steps

Now all that’s out of the way, let’s take a look at the steps involved in this quick process.  What we’re basically doing is adding the existing Azure Active Directory for your company to your MSDN Azure subscription.

1. Login to Azure as the Microsoft account that you used to signed up for the subscription (via https://manage.windowsazure.com).
2. At the bottom of the screen, click the big + NEW button (in the gray bar).  Choose App Services –> Active Directory –> Directory, and then Custom Create.
   
   
   
   
3. On the Add directory dialog, change Directory to Use existing directory, and click the I am ready to be signed out now box.  Click the checkmark at the bottom right corner. 
1. What we’re doing is saying we’re going to login with an Organization account so Azure knows what Organization to associate.  It will use your Microsoft account as the go between. 
   
   
   
   
4. Back at the Azure login screen, you will notice it says “Sign in with your work or school account”, which means the Organization account.  Make sure you use an org account that is a global administrator.
5. You should get a dialog that says “Use the <Organization> directory with Microsoft Azure”?  Click Continue.
1. NOTE: If you see the error “your session has expired”, try re-doing the procedure either in another non-IE browser, or use IE in "in-private" browsing.
   
   
6. It should prompt another message saying “You can now use the ‘Organization’ directory with Microsoft Azure when you sign in using your Microsoft account ‘account name’.”  Click the Sign out now link.
7. You should be looking at the Microsoft Azure sign in screen again.  Login again with your original Microsoft account.  At this point, if you go to Active Directory, your new directory from your Organization should be visible and all the users. 
   
   
8. Depending on if you want this new org to be default, click on Subscriptions from the top and click Manage subscriptions.  Highlight your subscription, and click the Edit directory button at the bottom and choose your new org in the dropdown. 
9. Now you login to Azure with your org ID! 
   
   

If you have any questions about C5 Insight or this blog entry, please Contact Us.