The Azure Enterprise Portal is an online management portal through which businesses can define admin roles, create subscriptions, and add role-based access in order to allow users to set up Azure services. It can also be used to preview costs, monitor costs, and get recommendations about how to save costs.
For many businesses using Microsoft Azure, the Azure Enterprise Portal is the most commonly-used tool for managing resources used to operate in the cloud. The effective management of Azure resources requires a comprehensive understanding of the portal, and of what it can and can’t do. This introduction to the Azure Enterprise Portal provides an oversight of the portal’s capabilities and limitations.
When businesses first start using the Azure Enterprise Portal, the first task is to create an “administrative tree”. This consists of four administrative levels based on users’ roles within the business. At the top of the tree are the Enterprise Administrators who have visibility over everything. Below them comes Department Administrators, Account Owners, and Service Administrators.
Depending on the business’s structure, different administrators can be assigned different access rights— for example Enterprise Administrators can be assigned read-only rights if an individual would only need to access usage and cost reports. Similarly, access to billing information and the Azure Marketplace can be enabled or disabled according to the individuals’ roles within the business.
Enterprise administrators can set soft spending quotas for each department and receive notifications when milestones in the spending quotas are reached. They can also limit who within the business has the authority to create subscriptions—subscriptions being required before services can be provisioned by Service Administrators. In a small business, getting started with the Azure Enterprise Portal is straightforward. For larger businesses, Active Directory onboarding is recommended.
Subscriptions are basically individual accounts within the global business account. They’re often used to separate billing and resource management by department, or by units within each department. For example, a business with premises in different geographical locations may want each premises to pay for its use of Microsoft Azure, or may want Finance and Marketing to be individually accountable for its resource usage. Marketing may even want unique subscriptions for each product or project.
Because subscriptions relate to billing, they have to be set up before it’s possible to provision resources. The global subscription is set up by default when the global business account is created, and for many businesses, one subscription is enough—although it has the drawbacks of less agility for development and production teams and requiring greater granularity in role based access controls. There are also limits to how many resources (i.e. VMs) can be deployed in each subscription.
Consequently, many businesses choose to use multiple subscriptions to satisfy business, technical, and scalability requirements. This also has the benefit of enabling individual Service Administrators to group resources that share the same lifecycle (and deploy, update, or delete them together) without the Azure Enterprise Portal becoming cluttered with thousands of resource groups in the same subscription. The drawback of this option is it increases the complexity of managing costs, performance, and security.
The Azure Enterprise Portal attempts to reduce the complexity of managing multiple subscriptions by offering a selection of management tools. The tools enable businesses to estimate costs before provisioning services, and monitor costs by resource, group, or department provided an appropriate tagging strategy is being used. The Azure Advisor feature also identifies resources not being used to their full capacity so they can be rightsized or terminated as necessary.
With regards to managing performance, the Azure Enterprise Portal has a feature called Application Insights. This feature monitors live web applications to detect performance anomalies, and includes powerful analytics tools to help developers diagnose problems and better understand how users interact with the apps. Developers can also create alerts to notify them when activity exceeds the usual pattern so that the performance and usability of the app can be adjusted as necessary.
The Azure Security Center provides integrated security monitoring and policy management across multiple subscriptions. Not only does the Security Center alert businesses to threats that might otherwise go unnoticed in a complex administration tree, but it also allows businesses to create security policies applicable to each type of resource (or the data within them) by individual subscription. The Security Center can also be configured to receive alerts from “integrated partner solutions”.
It’s difficult to create a definitive list of what the Azure Enterprise Portal can’t do because businesses use the portal in different ways and because Microsoft are always improving the Portal with new features.or example, the Azure Advisor was recently updated to notify businesses when purchasing Reserved VM Instances would help them reduce costs. Some industry professionals have also noted that the reporting mechanisms are inflexible. If Department Administrators want deep details such as mobile app costs by environment, they have to get Account Owners to set up unique subscriptions for each requirement— further increasing the complexity of managing costs and performance. This will also require moving a set of services from their existing subscription to the new subscription.
Although the Azure Enterprise Portal is functional in some aspects, it’s lacking in others. This is why many businesses choose to use third party cloud management solutions such as CloudHealth. CloudHealth can perform all the capabilities of the Azure Enterprise Portal plus many more, and supports businesses operating in hybrid or multi-cloud environments. For your free demo of the CloudHealth cloud management platform, contact us today.
To learn the best practices for reducing cost and optimizing your Azure cloud environment, download our eBook.