WEBVTT 0:00:02.940000 --> 0:00:09.040000 In this video, I'm going to talk about Azure subscription management. 0:00:09.040000 --> 0:00:12.840000 This is really important because it's important to know what Azure subscriptions 0:00:12.840000 --> 0:00:18.100000 are. They are a fundamental element of the overall Azure architecture. 0:00:18.100000 --> 0:00:20.240000 We're going to talk about Azure subscriptions. 0:00:20.240000 --> 0:00:22.980000 We're going to look at subscription types. 0:00:22.980000 --> 0:00:26.220000 We'll talk about accessing subscriptions and controlling that. 0:00:26.220000 --> 0:00:30.780000 Then I am going to demonstrate subscription access. 0:00:30.780000 --> 0:00:34.620000 Then we'll get into management groups, what they are, why they're important, 0:00:34.620000 --> 0:00:36.040000 and I'll demonstrate those. 0:00:36.040000 --> 0:00:39.680000 We'll also talk about enterprise license management and how enterprise 0:00:39.680000 --> 0:00:43.260000 licensing impacts your subscription management. 0:00:43.260000 --> 0:00:47.200000 Finally, briefly, we'll talk about Azure service life cycle, which really 0:00:47.200000 --> 0:00:51.100000 you need to know, but it's put in here because, well, I couldn't really 0:00:51.100000 --> 0:00:52.480000 think of anywhere else to put it. 0:00:52.480000 --> 0:00:54.300000 We'll cover that. 0:00:54.300000 --> 0:00:55.220000 Let's get started. 0:00:55.220000 --> 0:00:58.700000 Talking about what Azure subscriptions are. 0:00:58.700000 --> 0:01:06.020000 When I'm thinking about Azure, I've got really within Azure three layers 0:01:06.020000 --> 0:01:18.060000 of hierarchy. I have at the highest level the subscription. 0:01:18.060000 --> 0:01:27.980000 Within the subscription, I have resources that are organized into resource 0:01:27.980000 --> 0:01:31.480000 groups, which I don't think. 0:01:31.480000 --> 0:01:33.340000 There we go. Very close. 0:01:33.340000 --> 0:01:35.020000 I have multiple resource groups. 0:01:35.020000 --> 0:01:37.960000 Then within a resource group, I have my resources which could be something 0:01:37.960000 --> 0:01:45.140000 such as a virtual machine, or perhaps a SQL database, or any of other 0:01:45.140000 --> 0:01:49.760000 of hundreds of different resources that are available. 0:01:49.760000 --> 0:01:55.400000 That is the architecture for everything in Azure. 0:01:55.400000 --> 0:01:59.760000 Now, the subscription is important because, for one thing, the subscription 0:01:59.760000 --> 0:02:03.900000 is where you are built. 0:02:03.900000 --> 0:02:07.820000 You set up your payment at the subscription level, and on a monthly basis, 0:02:07.820000 --> 0:02:11.400000 your payment at the subscription level is charged. 0:02:11.400000 --> 0:02:15.420000 The virtual machines are where the charges actually a crew, or the resources 0:02:15.420000 --> 0:02:19.100000 in general, and that's where you get your functionality. 0:02:19.100000 --> 0:02:22.520000 Then in between those, you have the resource group. 0:02:22.520000 --> 0:02:27.720000 The resource group is really an administrative organizational tool, and 0:02:27.720000 --> 0:02:30.120000 it allows you to group resources. 0:02:30.120000 --> 0:02:33.960000 If I wanted, for example, to set permissions on a bunch of resources, 0:02:33.960000 --> 0:02:36.060000 I could do that very easily. 0:02:36.060000 --> 0:02:39.520000 Then one step by doing that at the resource group. 0:02:39.520000 --> 0:02:45.500000 Anytime you provision a resource, you are provisioning it into a subscription 0:02:45.500000 --> 0:02:48.360000 and into a resource group. 0:02:48.360000 --> 0:02:51.980000 Now, you also can be associated with multiple subscriptions. 0:02:51.980000 --> 0:02:54.480000 We'll talk about subscription access. 0:02:54.480000 --> 0:02:57.260000 But I could have multiple subscriptions. 0:02:57.260000 --> 0:03:01.600000 The reason I may differentiate those is I may want to control access at 0:03:01.600000 --> 0:03:02.640000 the highest level. 0:03:02.640000 --> 0:03:04.920000 I may want them build differently. 0:03:04.920000 --> 0:03:08.620000 Maybe I create subscriptions for different clients that I'm managing, 0:03:08.620000 --> 0:03:11.520000 but that is the basic concept. 0:03:11.520000 --> 0:03:14.620000 Very simple. Again, we'll dive into a little bit deeper. 0:03:14.620000 --> 0:03:19.480000 Key thing here, subscription, highest level of really organization of 0:03:19.480000 --> 0:03:22.640000 your resources, and it's where you get build. 0:03:22.640000 --> 0:03:29.280000 Now, there are different types of subscriptions. 0:03:29.280000 --> 0:03:32.600000 What is probably the most common type, and certainly between the first 0:03:32.600000 --> 0:03:38.040000 two, they are really your common production types, are pay as you go and 0:03:38.040000 --> 0:03:44.960000 enterprise. Pay as you go, you go and I can just go to azure.com, I can 0:03:44.960000 --> 0:03:48.620000 create a subscription, and I can start paying for that subscription. 0:03:48.620000 --> 0:03:53.480000 Then on a monthly basis, every resource that I use, I'm going to pay for. 0:03:53.480000 --> 0:03:55.240000 It's very simple. 0:03:55.240000 --> 0:04:01.080000 Enterprise. If you have an enterprise agreement with Microsoft, then you 0:04:01.080000 --> 0:04:05.700000 can use the enterprise licensing for Azure. 0:04:05.700000 --> 0:04:11.020000 Azure has its own license arrangement, but it can also be an add-on to 0:04:11.020000 --> 0:04:16.060000 on-prem or other cloud-based enterprise licensing options that you have, 0:04:16.060000 --> 0:04:18.020000 and we'll talk about that a little bit. 0:04:18.020000 --> 0:04:20.580000 Both of these work the same basic way. 0:04:20.580000 --> 0:04:23.560000 You've got resources, resources are accruing charges. 0:04:23.560000 --> 0:04:26.000000 You're going to pay for those charges on a monthly basis. 0:04:26.000000 --> 0:04:28.800000 How much they cost and the way you pay for them and the way you manage 0:04:28.800000 --> 0:04:31.820000 the subscriptions themselves are going to be different, whether it's pay 0:04:31.820000 --> 0:04:35.800000 as you go or enterprise, but they both follow that same basic model. 0:04:35.800000 --> 0:04:42.040000 Now, there's also a cloud provider architecture where you may get your 0:04:42.040000 --> 0:04:44.720000 cloud services through a third-party provider. 0:04:44.720000 --> 0:04:50.700000 They're providing Azure resources, but you're paying the third-party provider 0:04:50.700000 --> 0:04:55.020000 who has an arrangement, an agreement arrangement sounds a little bit sketchy, 0:04:55.020000 --> 0:04:59.540000 but they have an agreement with Microsoft and you're going through them. 0:04:59.540000 --> 0:05:01.160000 Now, there's other types, free. 0:05:01.160000 --> 0:05:03.380000 Free sounds awesome. 0:05:03.380000 --> 0:05:06.940000 Let me tell you a little bit real quick about a free subscription. 0:05:06.940000 --> 0:05:12.360000 Microsoft will allow you a 30-day trial subscription. 0:05:12.360000 --> 0:05:17.880000 The 30-day trial subscription gives you a $200 credit that you can use 0:05:17.880000 --> 0:05:20.940000 over those 30 days for paid resources. 0:05:20.940000 --> 0:05:27.060000 There are also a number of free resources that you can use for up to 12 0:05:27.060000 --> 0:05:32.160000 months. Free resources would be things like function apps below a certain 0:05:32.160000 --> 0:05:33.440000 usage threshold. 0:05:33.440000 --> 0:05:37.300000 And there's a number of, again, quote-unquote, free resources. 0:05:37.300000 --> 0:05:40.240000 You can actually look these up and find them. 0:05:40.240000 --> 0:05:44.800000 Now, as far as the free account, you get one free account pretty much 0:05:44.800000 --> 0:05:50.840000 ever. When you create a free trial account, you have to give a Microsoft 0:05:50.840000 --> 0:05:56.760000 login, so a Hotmail login, an outlook.com login. 0:05:56.760000 --> 0:06:02.640000 You also have to provide a phone number and you have to provide a credit 0:06:02.640000 --> 0:06:07.180000 card. That credit card, that phone number, and that login can only be 0:06:07.180000 --> 0:06:11.960000 used one time. And I will tell you from experience, they use the credit 0:06:11.960000 --> 0:06:15.620000 card not to charge you because it's a free account, but they use it to 0:06:15.620000 --> 0:06:17.780000 identify you and they'll get your address from that. 0:06:17.780000 --> 0:06:20.340000 And so if you have other credit cards, just think, hey, I've got another 0:06:20.340000 --> 0:06:25.360000 phone number, I've got another credit card, I can create another ID easily 0:06:25.360000 --> 0:06:28.040000 enough, that's probably not going to work. 0:06:28.040000 --> 0:06:32.240000 So you get one free one, use it wisely. 0:06:32.240000 --> 0:06:37.560000 You can also have credit based, generally speaking, that's with MSDN. 0:06:37.560000 --> 0:06:42.340000 If you have an MSDN subscription, then you will likely get a certain amount 0:06:42.340000 --> 0:06:55.040000 of free credits every $150 right now at the time of this that may change. 0:06:55.040000 --> 0:07:02.240000 There's also credit, there's different types of subscriptions that Microsoft 0:07:02.240000 --> 0:07:06.720000 may give you. If you're a partner of theirs and they're doing internal 0:07:06.720000 --> 0:07:11.100000 training for you, or if you're doing any of their official training, you 0:07:11.100000 --> 0:07:14.780000 can get a credit based subscription specifically for that as well. 0:07:14.780000 --> 0:07:18.080000 So those are the subscription types. 0:07:18.080000 --> 0:07:22.380000 Now, what I want to do is talk about subscription access. 0:07:22.380000 --> 0:07:26.540000 I mentioned before that you've got a subscription, right? 0:07:26.540000 --> 0:07:30.240000 And within that subscription, you've got resources which are organized 0:07:30.240000 --> 0:07:33.660000 into resource groups. 0:07:33.660000 --> 0:07:39.540000 So I've got my, I'm just gonna say subscription, S for subscription, R 0:07:39.540000 --> 0:07:43.300000 .G. for resource group, and I've got some resources, just tag those as 0:07:43.300000 --> 0:07:45.940000 ours. Now, how do I access this? 0:07:45.940000 --> 0:07:46.960000 Well, there's kind of two things. 0:07:46.960000 --> 0:07:52.480000 First of all, you have an administrative account. 0:07:52.480000 --> 0:07:59.220000 Say admin account. 0:07:59.220000 --> 0:08:03.040000 Now, the admin account, if you're using pay as you go, or frankly, anything 0:08:03.040000 --> 0:08:09.980000 other than an enterprise license, the admin account is going to be a Microsoft 0:08:09.980000 --> 0:08:13.860000 account. So it's going to be an Outlook account, or it's going to be a 0:08:13.860000 --> 0:08:16.960000 Hotmail account, there's a couple others that can be used as well. 0:08:16.960000 --> 0:08:23.780000 Now, that admin account is going to be used to provision a subscription, 0:08:23.780000 --> 0:08:31.320000 but you also have what is called an Azure AD tenant or an Azure AD directory. 0:08:31.320000 --> 0:08:39.200000 Now, the admin account is going to have full rights to both of these always. 0:08:39.200000 --> 0:08:42.420000 There's also something called a service account that is an admin account 0:08:42.420000 --> 0:08:47.780000 initially, but you can also have other people with service accounts. 0:08:47.780000 --> 0:08:50.700000 A service account has absolute full rights as well. 0:08:50.700000 --> 0:08:52.900000 So I've got an admin account, I've got a service account. 0:08:52.900000 --> 0:09:02.100000 Now, within Azure AD, I can define principles, I can have users, groups, 0:09:02.100000 --> 0:09:05.400000 and service principles, which are really process identities. 0:09:05.400000 --> 0:09:14.380000 And all of these can be given rights or actually given roles in Azure. 0:09:14.380000 --> 0:09:17.980000 So I can have users, groups, or service principles, and they can be given 0:09:17.980000 --> 0:09:23.080000 roles at the subscription level, at the resource group level, or at the 0:09:23.080000 --> 0:09:27.220000 resource level. And really, when it comes down to it, that is subscription 0:09:27.220000 --> 0:09:30.540000 access. So you'll have this admin account, I don't think I gave you both 0:09:30.540000 --> 0:09:33.680000 parts of that. If it's anything other than an enterprise license, it's 0:09:33.680000 --> 0:09:35.920000 going to be a Microsoft account. 0:09:35.920000 --> 0:09:38.660000 So again, Hotmail, Outlook, etc. 0:09:38.660000 --> 0:09:41.920000 If you've got an enterprise account, it's done differently. 0:09:41.920000 --> 0:09:45.840000 You have a whole enterprise management structure that you use. 0:09:45.840000 --> 0:09:47.360000 And that's going to be your admin account. 0:09:47.360000 --> 0:09:50.200000 But once you get down below that, really access is the same. 0:09:50.200000 --> 0:09:54.040000 So I could be the admin account and I could have a user for, let's say, 0:09:54.040000 --> 0:09:59.220000 my producer that needs to get in and needs to modify maybe some settings 0:09:59.220000 --> 0:10:00.740000 in a resource group format. 0:10:00.740000 --> 0:10:05.280000 And I could have an account, a user account, an Azure AD that's associated 0:10:05.280000 --> 0:10:08.360000 with the subscription so they could go and access that. 0:10:08.360000 --> 0:10:13.300000 So every subscription has an admin account and also has an associated 0:10:13.300000 --> 0:10:16.120000 primary Azure AD tenant. 0:10:16.120000 --> 0:10:22.080000 That Azure AD tenant might be the tenant for multiple subscriptions. 0:10:22.080000 --> 0:10:27.260000 So I could have S2 over here and I could have that Azure AD account and 0:10:27.260000 --> 0:10:31.500000 also the same admin account for that second subscription. 0:10:31.500000 --> 0:10:35.400000 And so that is the idea behind subscription access. 0:10:35.400000 --> 0:10:41.400000 Now, what I want to do is I want to show you subscription access. 0:10:41.400000 --> 0:10:46.700000 And to do that, I'm going to pop in to a portal experience. 0:10:46.700000 --> 0:10:48.900000 I'll show you how you would log into the portal. 0:10:48.900000 --> 0:11:00.480000 And then I'm also going to go to control access to the subscription by 0:11:00.480000 --> 0:11:06.120000 quickly looking at Azure AD and also looking at the access control for 0:11:06.120000 --> 0:11:07.660000 the subscription itself. 0:11:07.660000 --> 0:11:13.100000 So let's go ahead and let's go over to the Azure portal. 0:11:13.100000 --> 0:11:19.520000 Now I am logged in to the Azure portal and I'm actually logged in as a 0:11:19.520000 --> 0:11:27.540000 user in one of the Azure AD tenants because I'm not actually the administrative 0:11:27.540000 --> 0:11:33.680000 account on this subscription because that was created by our IT director. 0:11:33.680000 --> 0:11:42.600000 But I am an owner of the subscription as well as a global admin for the 0:11:42.600000 --> 0:11:43.840000 Azure AD tenant. 0:11:43.840000 --> 0:11:54.060000 So I have full rights even though I'm not technically the information. 0:11:54.060000 --> 0:11:54.880000 I can view account. 0:11:54.880000 --> 0:11:59.200000 I can switch directories or I could sign in with a different account. 0:11:59.200000 --> 0:12:00.560000 That's at the highest level. 0:12:00.560000 --> 0:12:07.400000 Now, once I have logged in, I have access to different directories. 0:12:07.400000 --> 0:12:09.680000 And I've got a few different directories that are in my favorites. 0:12:09.680000 --> 0:12:12.560000 I've got a number of directories in addition to that. 0:12:12.560000 --> 0:12:14.920000 And I can switch back and forth between directories. 0:12:14.920000 --> 0:12:17.980000 One thing you have to be aware of, though, is you have to make sure you're 0:12:17.980000 --> 0:12:22.300000 in the right directory to manage whatever resources. 0:12:22.300000 --> 0:12:25.980000 So I'm in the I-E demo tenant and I've got three subscriptions that are 0:12:25.980000 --> 0:12:28.220000 associated with that tenant. 0:12:28.220000 --> 0:12:31.320000 And so I can do whatever I want within those three subscriptions. 0:12:31.320000 --> 0:12:37.400000 However, the I-E-80 demonstrations and the I-E-ink, neither of those have 0:12:37.400000 --> 0:12:39.300000 any subscriptions associated with them. 0:12:39.300000 --> 0:12:43.740000 So I can manage those directories, those tenants, same thing. 0:12:43.740000 --> 0:12:49.260000 But I can't manage any resources when I'm connected to those particular 0:12:49.260000 --> 0:12:53.200000 tenants. But I'm in a tenant that has my subscriptions. 0:12:53.200000 --> 0:12:55.640000 And so what I want to do is go down and take a look. 0:12:55.640000 --> 0:12:59.420000 And here are my subscriptions. 0:12:59.420000 --> 0:13:04.260000 So I've got three different subscriptions that are associated with my 0:13:04.260000 --> 0:13:08.960000 login that my login has rights to and that are also associated with this 0:13:08.960000 --> 0:13:11.340000 tenant with my primary tenant. 0:13:11.340000 --> 0:13:14.300000 And I can go in to any of these. 0:13:14.300000 --> 0:13:17.420000 Notice, by the way, my role on all of these is owner. 0:13:17.420000 --> 0:13:22.940000 So I can go into one of my subscriptions and I can view the information 0:13:22.940000 --> 0:13:24.880000 on the subscription. 0:13:24.880000 --> 0:13:32.660000 Now, really about the only thing that I can't do right here is I can't 0:13:32.660000 --> 0:13:34.100000 change the payment. 0:13:34.100000 --> 0:13:38.900000 There is another interface, if I'm in a pay as you go, which is what this 0:13:38.900000 --> 0:13:44.340000 is, that does allow you to set payment, but I'm not the admin account, 0:13:44.340000 --> 0:13:45.600000 so I can do that. 0:13:45.600000 --> 0:13:50.060000 I can click here, but it's going to tell me payment methods are managed 0:13:50.060000 --> 0:13:51.920000 by your account admin. 0:13:51.920000 --> 0:13:55.400000 And so I could email the account admin and ask him to change that. 0:13:55.400000 --> 0:13:57.900000 But other than that, I can manage the subscription. 0:13:57.900000 --> 0:14:08.640000 And most importantly, since we're talking about who has access. 0:14:08.640000 --> 0:14:16.800000 So Jamie is actually our account admin, or admin account. 0:14:16.800000 --> 0:14:19.300000 They've got that role as owner. 0:14:19.300000 --> 0:14:20.580000 I am also an as owner. 0:14:20.580000 --> 0:14:24.880000 I'm also in as user access administrator, which allowed me to make myself 0:14:24.880000 --> 0:14:28.880000 an owner. I also have an automated process that runs and it has rights 0:14:28.880000 --> 0:14:33.500000 as well. So if I wanted to give someone else rights to the subscription, 0:14:33.500000 --> 0:14:38.860000 I would come into access control and I would I would assign a role to 0:14:38.860000 --> 0:14:43.640000 whatever user or group I wanted to give access to my overall subscription. 0:14:43.640000 --> 0:14:45.800000 And I can be more granular than that as well. 0:14:45.800000 --> 0:14:50.900000 I can go down and grant access to individual resource groups or even individual 0:14:50.900000 --> 0:14:53.620000 resources within the subscription. 0:14:53.620000 --> 0:14:56.060000 Okay, but that's the way that access works. 0:14:56.060000 --> 0:15:04.940000 You log in, your login has access to different, I, or excuse me, rights 0:15:04.940000 --> 0:15:07.380000 within different subscriptions. 0:15:07.380000 --> 0:15:11.400000 Now what I'm going to do is pop back to the story at hand. 0:15:11.400000 --> 0:15:13.820000 So we finished up this demonstration. 0:15:13.820000 --> 0:15:15.880000 Okay, I want to talk about management groups. 0:15:15.880000 --> 0:15:20.200000 This is another layer within the overall Azure framework. 0:15:20.200000 --> 0:15:25.900000 Okay, so I've got an Azure 80 tenant and I could have a couple of subscriptions 0:15:25.900000 --> 0:15:29.580000 that are associated with my Azure 80 tenant. 0:15:29.580000 --> 0:15:35.640000 And if I've got a few, then it's pretty easy to manage those subscriptions. 0:15:35.640000 --> 0:15:39.340000 But it's also possible, particularly if you're in an enterprise environment, 0:15:39.340000 --> 0:15:44.560000 that you may have many more subscriptions associated with the same tenant. 0:15:44.560000 --> 0:15:49.520000 Right, and that can get to be a bit problematic to manage, particularly 0:15:49.520000 --> 0:15:52.880000 when you're looking at things like policies, right, because the way that 0:15:52.880000 --> 0:15:56.360000 I want to manage my client subscriptions over on the right, the client 0:15:56.360000 --> 0:15:59.020000 one, two, and three, it's probably going to be different than the way 0:15:59.020000 --> 0:16:03.340000 I want the corporate subscription managed or even the R&D subscription. 0:16:03.340000 --> 0:16:09.020000 So what you can do is you can add these things called management groups 0:16:09.020000 --> 0:16:11.320000 and management groups are exactly that. 0:16:11.320000 --> 0:16:17.220000 Okay, they're set up at the tenant level and they can include any res, 0:16:17.220000 --> 0:16:22.120000 any subscriptions, excuse me, that are associated with that Azure 80 tenant. 0:16:22.120000 --> 0:16:25.980000 So any that had that Azure 80 tenant has their primary tenant. 0:16:25.980000 --> 0:16:28.400000 And you can have a hierarchy. 0:16:28.400000 --> 0:16:32.660000 And basically what you do is you can configure kind of global settings. 0:16:32.660000 --> 0:16:36.080000 And one of the really common global settings that you would use would 0:16:36.080000 --> 0:16:39.640000 be a policy. And there's all kinds of policies. 0:16:39.640000 --> 0:16:44.360000 We'll talk about those in other videos. 0:16:44.360000 --> 0:16:48.680000 Okay, but I can apply a policy to control, let's say what resources could 0:16:48.680000 --> 0:16:51.240000 be created or where those resources could be created. 0:16:51.240000 --> 0:16:54.720000 And if I apply it to a management group, it's going to filter down and 0:16:54.720000 --> 0:16:57.440000 apply to everything underneath. 0:16:57.440000 --> 0:17:01.640000 Okay, and then I could have a different policy or set of policies that 0:17:01.640000 --> 0:17:05.280000 I want to apply to all of my client subscriptions. 0:17:05.280000 --> 0:17:09.840000 And so then that policy would of course apply down to all of them. 0:17:09.840000 --> 0:17:12.360000 Okay, and so this really all management groups are they're just a way 0:17:12.360000 --> 0:17:15.220000 for you to well manage subscriptions. 0:17:15.220000 --> 0:17:19.420000 If you have a couple of subscriptions, probably not going to be worth 0:17:19.420000 --> 0:17:22.800000 it, right? But as you grow, particularly in the enterprise level, they 0:17:22.800000 --> 0:17:24.240000 can be extremely important. 0:17:24.240000 --> 0:17:27.700000 So let's take a look at management groups. 0:17:27.700000 --> 0:17:30.620000 And I'm going to demonstrate just where you can go to see management groups, 0:17:30.620000 --> 0:17:32.580000 what they are, how you can use them. 0:17:32.580000 --> 0:17:36.800000 So let's go ahead and pop over. 0:17:36.800000 --> 0:17:39.480000 So I'm in my portal still. 0:17:39.480000 --> 0:17:44.380000 And actually what I'm going to do here is I'm going to search for management 0:17:44.380000 --> 0:17:50.600000 groups. And you can see down here, I've got management groups. 0:17:50.600000 --> 0:17:57.360000 Okay, and I, you can see I've got a management group called active. 0:17:57.360000 --> 0:18:03.080000 And showing up, I have these three subscriptions, which aren't management 0:18:03.080000 --> 0:18:05.360000 groups. Why are they subscriptions? 0:18:05.360000 --> 0:18:07.980000 Well, because you always have a root group. 0:18:07.980000 --> 0:18:10.980000 And right now I'm in the tenant root group. 0:18:10.980000 --> 0:18:17.400000 Okay, and if I go down to active, I don't have any of my, I don't have 0:18:17.400000 --> 0:18:23.120000 any subscriptions under active, but what I could do is I could go to details, 0:18:23.120000 --> 0:18:26.000000 I can view some details. 0:18:26.000000 --> 0:18:31.420000 Okay, and notice I can add a sub management group, or I can add a subscription. 0:18:31.420000 --> 0:18:43.980000 And so my active subscription is actually that's going to add it in. 0:18:43.980000 --> 0:18:47.780000 And so now I've got this active group. 0:18:47.780000 --> 0:18:51.320000 And now you can see it's got any demonstrations and I can go in, I mentioned 0:18:51.320000 --> 0:18:55.520000 I do things like add policies, I can also control access, not going to 0:18:55.520000 --> 0:18:58.040000 go into policies now, but that is something I can do. 0:18:58.040000 --> 0:19:00.100000 All right, I can also go in here. 0:19:00.100000 --> 0:19:05.240000 And if I go back to my tenant group, notice that the I need demonstrations 0:19:05.240000 --> 0:19:08.420000 is not here anymore, because it's no longer in the root, it's been associated 0:19:08.420000 --> 0:19:22.060000 with active. I can add another management group, we'll call this one corp. 0:19:22.060000 --> 0:19:28.620000 And save that. Now while that's saving, I'll tell you another thing that 0:19:28.620000 --> 0:19:31.560000 you can use management group for us, you can use it for example, for some 0:19:31.560000 --> 0:19:33.340000 levels of monitoring. 0:19:33.340000 --> 0:19:36.460000 All right, so if I want to see costs, for example, at the management group, 0:19:36.460000 --> 0:19:40.340000 I can do that. I can't pay for them there, but I can do some reporting 0:19:40.340000 --> 0:19:44.060000 on it. All right, so we'll wait for this to finish creating. 0:19:44.060000 --> 0:19:48.220000 And then once that's created, I'll move my other two subscriptions into 0:19:48.220000 --> 0:19:57.420000 it. All right, so I've now got both active and corporate, I'm just going 0:19:57.420000 --> 0:20:01.860000 to go to corporate, and I'm going to go to corporate details. 0:20:01.860000 --> 0:20:06.140000 And I'm going to add some subscriptions. 0:20:06.140000 --> 0:20:09.200000 So we'll just do development for right now. 0:20:09.200000 --> 0:20:16.520000 All right, and once that's done, I could go ahead and add in the production 0:20:16.520000 --> 0:20:21.500000 as well. But I'm going to leave that, you get the idea, and just kind 0:20:21.500000 --> 0:20:26.020000 of come back to a few more concepts we want to deal with. 0:20:26.020000 --> 0:20:28.460000 Okay, so that's management groups again, you're going to use management 0:20:28.460000 --> 0:20:32.720000 groups really just to manage subscriptions. 0:20:32.720000 --> 0:20:35.680000 All right, and if I have multiple subscriptions associated with the same 0:20:35.680000 --> 0:20:42.280000 Azure AD tenant, then I can organize those using management groups. 0:20:42.280000 --> 0:20:46.480000 Now, speaking of organizing subscriptions and at a very high level, I 0:20:46.480000 --> 0:20:50.740000 do want to take a moment to talk about the enterprise license agreement. 0:20:50.740000 --> 0:20:55.160000 Okay, now I bring this up, it's typically not like a key part of a lot 0:20:55.160000 --> 0:20:58.700000 of curriculum, but I think it's important because quite frankly, there's 0:20:58.700000 --> 0:21:03.460000 a lot of organizations that are using their enterprise licensing for Azure, 0:21:03.460000 --> 0:21:08.700000 and it does change a few things with the way that you organize and administer 0:21:08.700000 --> 0:21:12.460000 Azure. At the resource level, there is no difference. 0:21:12.460000 --> 0:21:16.720000 But at the billing level, and above, there certainly is. 0:21:16.720000 --> 0:21:20.240000 Okay, first of all, the enterprise license agreement is going to either 0:21:20.240000 --> 0:21:22.480000 be its own standalone enrollment. 0:21:22.480000 --> 0:21:25.200000 So in other words, you could set up an enterprise license agreement with 0:21:25.200000 --> 0:21:31.100000 Microsoft specifically for Azure, or it could be part of an on-premises 0:21:31.100000 --> 0:21:34.040000 enrollment. So if you already have an enterprise agreement for your on 0:21:34.040000 --> 0:21:40.620000 -premises resources, you could go ahead and add Azure as part of that. 0:21:40.620000 --> 0:21:46.360000 Okay, now Azure has an enterprise agreement portal, it has its own portal. 0:21:46.360000 --> 0:21:52.120000 Now, you're not going to really see much of this except when you go into 0:21:52.120000 --> 0:21:56.220000 a subscription, there's certain things like cost management that are going 0:21:56.220000 --> 0:21:56.900000 to be different. 0:21:56.900000 --> 0:22:00.820000 And in fact, in many cases, you're not going to be able to view a lot 0:22:00.820000 --> 0:22:04.600000 of the cost management through the standard Azure portal if you have the 0:22:04.600000 --> 0:22:09.080000 enterprise agreement, because that's handled within the enterprise agreement 0:22:09.080000 --> 0:22:12.280000 or EA portal. Okay, it's just another portal. 0:22:12.280000 --> 0:22:16.900000 Now, there's a little bit of a difference here in that you get more of 0:22:16.900000 --> 0:22:19.820000 a hierarchy when you have the enterprise agreement. 0:22:19.820000 --> 0:22:24.040000 Specifically, the enterprise agreement has departments at the highest 0:22:24.040000 --> 0:22:28.120000 level. We've got departments. 0:22:28.120000 --> 0:22:32.420000 Okay, and then I can have accounts within departments, which are logins, 0:22:32.420000 --> 0:22:35.740000 and then within the departments, I have subscriptions. 0:22:35.740000 --> 0:22:39.380000 Okay, now the reason why I have accounts is because the departments have 0:22:39.380000 --> 0:22:42.580000 roles. For example, you can have an enterprise administrator that's going 0:22:42.580000 --> 0:22:46.900000 to have rights over the entire enterprise agreement, or I can also have 0:22:46.900000 --> 0:22:50.160000 department administrators, and I can have a few other roles underneath 0:22:50.160000 --> 0:22:56.020000 of that that are going to be able to manage my subscriptions. 0:22:56.020000 --> 0:22:58.160000 Okay, now this only goes down to the subscription level. 0:22:58.160000 --> 0:23:00.560000 Once you're at the resource level, there's really no difference in the 0:23:00.560000 --> 0:23:05.040000 way you work with them, although there may be some pricing differences. 0:23:05.040000 --> 0:23:07.860000 The cost reporting, as I mentioned, is different. 0:23:07.860000 --> 0:23:11.720000 For example, I can set up what are called spending quotas. 0:23:11.720000 --> 0:23:16.700000 Spending quotas are quotas at the department level. 0:23:16.700000 --> 0:23:21.080000 So I've got a department, and within that department, I may have a number 0:23:21.080000 --> 0:23:23.100000 of subscriptions. 0:23:23.100000 --> 0:23:27.160000 Okay, and what I can do is I can set a spending quota at the department 0:23:27.160000 --> 0:23:34.600000 level. Now, what that means is that on a monthly basis, it's tracking 0:23:34.600000 --> 0:23:39.460000 spending across all of the subscriptions in that department, and at certain 0:23:39.460000 --> 0:23:44.040000 predefined levels, it's going to send alerts that spending has to reach 0:23:44.040000 --> 0:23:44.700000 a certain level. 0:23:44.700000 --> 0:23:49.000000 Now, I can set that quota, and you can hit that quota. 0:23:49.000000 --> 0:23:50.720000 It doesn't stop anything. 0:23:50.720000 --> 0:23:52.880000 This is not a hard quota. 0:23:52.880000 --> 0:23:54.900000 It's not going to stop allowing you to do things. 0:23:54.900000 --> 0:23:59.120000 It's not going to shut down virtual machines, but you are going to get 0:23:59.120000 --> 0:24:02.640000 notification that you've hit that limit, and you could do things like 0:24:02.640000 --> 0:24:05.580000 run scripts or maybe other things where maybe you want to shut things 0:24:05.580000 --> 0:24:07.280000 down, and you could do that. 0:24:07.280000 --> 0:24:12.400000 Another thing that's pretty cool with the enterprise is you can spawn 0:24:12.400000 --> 0:24:16.600000 subscriptions that are specifically for dev and test. 0:24:16.600000 --> 0:24:18.980000 They are actually called dev test subscriptions. 0:24:18.980000 --> 0:24:23.540000 Now, what you get with those are a lower cost, simple as that, with a 0:24:23.540000 --> 0:24:27.140000 few caveats. So any resource you create, if I create a virtual machine 0:24:27.140000 --> 0:24:31.320000 and a dev test subscription, it will cost less than exactly the same virtual 0:24:31.320000 --> 0:24:34.140000 machine created in a production subscription. 0:24:34.140000 --> 0:24:39.920000 However, I do not get any SLAs, no performance SLAs, no availability SLAs, 0:24:39.920000 --> 0:24:46.080000 no SLAs. Also, I can't host production workloads as you would expect in 0:24:46.080000 --> 0:24:47.180000 a dev test subscription. 0:24:47.180000 --> 0:24:51.260000 The idea being that I'm doing my development in a dev test, maybe I'm 0:24:51.260000 --> 0:24:54.640000 even doing my staging in a dev test, but once it goes and I'm hosting 0:24:54.640000 --> 0:24:59.740000 that as a production workload, I need to go ahead and host that production 0:24:59.740000 --> 0:25:02.400000 workload in a standard subscription. 0:25:02.400000 --> 0:25:06.700000 So I can't get the lower cost and host and get the SLAs. 0:25:06.700000 --> 0:25:08.220000 It makes sense that's your trade-off. 0:25:08.220000 --> 0:25:12.800000 But it is a significant cost savings under some circumstances, it's under 0:25:12.800000 --> 0:25:14.440000 most circumstances. 0:25:14.440000 --> 0:25:15.800000 So what is the story here? 0:25:15.800000 --> 0:25:19.440000 If you have a development team and you want them to be able to develop 0:25:19.440000 --> 0:25:24.000000 Azure workloads, but do it in the most cost-effective way, and you have 0:25:24.000000 --> 0:25:27.400000 an enterprise agreement, that's when you're going to look for dev test 0:25:27.400000 --> 0:25:32.620000 subscriptions. Okay, now last topic is the Azure service lifecycle. 0:25:32.620000 --> 0:25:35.520000 As I said, this is something you need to know, but it's also not something 0:25:35.520000 --> 0:25:39.200000 that is of massive complexity. 0:25:39.200000 --> 0:25:43.900000 Anytime a new service or resource is added, and service and resource basically 0:25:43.900000 --> 0:25:49.460000 the same thing. So let's say, for example, that I know something at the 0:25:49.460000 --> 0:25:54.940000 time of this that is coming up at some point, is that Azure is going to 0:25:54.940000 --> 0:25:59.540000 allow you to choose geo replication options for a storage account. 0:25:59.540000 --> 0:26:02.620000 Now, if you're new to Azure, you don't know what a storage account is 0:26:02.620000 --> 0:26:06.220000 necessarily, you don't know what your replication is, that all comes later. 0:26:06.220000 --> 0:26:07.820000 But it's a service. 0:26:07.820000 --> 0:26:11.640000 Now right now it doesn't exist, but they're going to phase it in. 0:26:11.640000 --> 0:26:15.420000 And the way it phases in is really kind of the reverse of the way I have 0:26:15.420000 --> 0:26:16.060000 it put out here. 0:26:16.060000 --> 0:26:20.140000 Typically, not always, but typically when new functionality is added, 0:26:20.140000 --> 0:26:22.900000 it is added as a private preview. 0:26:22.900000 --> 0:26:32.080000 And with that, what you have to do is I would like to participate in this 0:26:32.080000 --> 0:26:35.320000 private preview, can I please do that? 0:26:35.320000 --> 0:26:39.060000 And if they've got their numbers or whatever, you're in a location they 0:26:39.060000 --> 0:26:41.880000 want to test out, then they'll go ahead and invite you in and give you 0:26:41.880000 --> 0:26:44.760000 information on how to start your private preview. 0:26:44.760000 --> 0:26:46.440000 That's usually the first step. 0:26:46.440000 --> 0:26:49.560000 Then once it's gone through private preview, usually sometimes it does 0:26:49.560000 --> 0:26:50.740000 go straight to this. 0:26:50.740000 --> 0:26:53.180000 The next step is public preview. 0:26:53.180000 --> 0:26:55.300000 And what public preview means is a few things. 0:26:55.300000 --> 0:27:00.260000 First of all, anybody, as the name suggests, can create a resource, can 0:27:00.260000 --> 0:27:03.500000 use a service that is in public preview. 0:27:03.500000 --> 0:27:09.880000 Generally speaking, the costing is less or free than it will be when it's 0:27:09.880000 --> 0:27:12.660000 in general availability. 0:27:12.660000 --> 0:27:15.200000 And really that just depends on the service. 0:27:15.200000 --> 0:27:17.620000 I've seen services that are temporarily free. 0:27:17.620000 --> 0:27:20.100000 I've seen services that are of much lower cost while they're in public 0:27:20.100000 --> 0:27:25.800000 preview. Also with public preview, there are no SLAs. 0:27:25.800000 --> 0:27:29.380000 There's documentation generally speaking. 0:27:29.380000 --> 0:27:33.600000 Documentation may not be complete because it's in preview. 0:27:33.600000 --> 0:27:39.100000 But you'll see how to use it, but you will not get a service level agreement. 0:27:39.100000 --> 0:27:41.360000 And you are not supposed to. 0:27:41.360000 --> 0:27:44.240000 It's not intended for production workloads. 0:27:44.240000 --> 0:27:49.600000 This is where you're going, you're testing out, and you are seeing A, 0:27:49.600000 --> 0:27:52.340000 if this is a service you're going to use and B, how you would use it once 0:27:52.340000 --> 0:27:54.400000 it goes into general availability. 0:27:54.400000 --> 0:27:57.120000 General availability is exactly what it sounds like. 0:27:57.120000 --> 0:28:00.580000 That means that it's production from Microsoft standpoint, from Azure 0:28:00.580000 --> 0:28:04.960000 standpoint. Anything that is general availability, it's going to have 0:28:04.960000 --> 0:28:06.140000 its full pricing. 0:28:06.140000 --> 0:28:09.720000 Now the pricing may change over time, but it does have its general availability 0:28:09.720000 --> 0:28:14.200000 pricing. Any service level agreements, any support that is designed to 0:28:14.200000 --> 0:28:17.800000 be associated with that particular service or resource is now going to 0:28:17.800000 --> 0:28:22.120000 be available. One thing to note, public preview. 0:28:22.120000 --> 0:28:27.460000 There are some resources that have been in public preview for years. 0:28:27.460000 --> 0:28:32.180000 Some resources, some services go through the process fairly quickly. 0:28:32.180000 --> 0:28:35.780000 Others, like I said, have been in public preview for years and may still 0:28:35.780000 --> 0:28:38.740000 be in public preview for years to come. 0:28:38.740000 --> 0:28:42.840000 And that's something that, what is the schedule on a particular resource? 0:28:42.840000 --> 0:28:46.480000 That's something you would actually need to contact Microsoft and might 0:28:46.480000 --> 0:28:50.780000 get some idea as to what that lifecycle is. 0:28:50.780000 --> 0:28:52.940000 But anyways, that's the Azure service lifecycle. 0:28:52.940000 --> 0:28:57.080000 It is something that you need to understand, three levels, not terribly 0:28:57.080000 --> 0:29:02.000000 complex. And as I said before, I just kind of pushed that into the broader 0:29:02.000000 --> 0:29:04.400000 picture of subscriptions. 0:29:04.400000 --> 0:29:08.820000 We talked about those types of subscriptions, how to access subscriptions, 0:29:08.820000 --> 0:29:11.220000 and how they're managed at the enterprise level.