IT:AD:Azure:Account

An Azure Account can be associated to two types of IdP Accounts

These two configurations are referred to as:

• Personal Accounts
• Organisation Accounts

An IdP Account can be associated to zero or more Subscriptions (IT:AD:Azure, IT:AD:Office 365 (O365), IT:AD:InTune etc.).

Zero or more of these Subscriptions can be Azure Subscriptions).

As stated above, there are two types of Accounts: * Personal Accounts * Organisation Accounts.

Their primary characteristics are described below.

Personal Accounts:

• are personal, consumer accounts, created by individuals themselves (as oppossed to an Org's admin) and stored at https://live.com
• services authenticate by redirecting users to sign in via https://signin.live.com
• are currently called Microsoft Accounts (Passport Accounts became Live Accounts, which became Microsoft Accounts)
• Can access services registered in the Azure ADs to which the user has been invited.
  • Note: Azure AD has a federation trust relationship with https://live.com. Hence Azure AD can authenticate “native” org accounts, as well as “guest” consumer Microsoft Accounts.
• Considerations:
  • There is no API for provisioning Microsoft Accounts, and therefore cannot currently fulfill Organisational (Business/School) provisioning/management/deprovisioning requirements.

Organisation Accounts: * are created by Organisations using Azure AD, or their IT:AD:Office 365 (O365) Subscription's Azure AD. * are Accounts managed in an Organisation's Subscription's Azure AD (either by Cloud Identities, Synchronized Identities, Federated Identities) * services authenticate by redirecting users to sign in via https://signin.live.com * can access services registered in the Azure ADs to which the user belongs (his own org), or has been invited.

You can manage your Account from various locations (this makes it a little confusing).

You can manage your Account in one of the following locations: * https://live.com ← core Account Information * https://account.windowsazure.com ← Azure specific Account information (Name can be different than Core for some reason)

An Account (whether a Personal Microsoft Account or Organisation Account) can be associated to n Subscriptions:

• IT:AD:Azure:Subscription
• IT:AD:Visual Studio Team Services
• Mathletics
• etc.

Subscriptions can be managed as follows: * Azure:

• https://account.windowsazure.com/Subscriptions

* O365:

• https://stores.office.com/myaccount/home.aspx

* Visual Studio Team Services:

• (todo)

An Account can have several Administration Roles¹⁾ per service²⁾. The Service can be Azure in general, or a Service within Azure (eg Azure AD).

• Azure Subscription Administration Roles:
  • Account Administrator (AA) (should maybe have been called Subscription Administrator, but hey…)
  • Service Administrator (SA) (same as Owner, but cannot change Service Administrator)

    • Service Co-Administrator (CA) (same as Service Administrator but cannot add/remove other Service Administrators)
• Azure Active Directory Roles:
  • Global Administrator
  • Billing Administrator
  • Service Administrator
  • User Administrator
  • Password Administrator

• https://azure.microsoft.com/en-us/documentation/articles/active-directory-how-subscriptions-associated-directory/
• https://nirajrules.wordpress.com/2013/09/12/windows-azure-portals-and-access-levels/
• http://www.brucebnews.com/2013/04/the-difference-between-a-microsoft-account-and-an-office-365-account/
• http://www.brucebnews.com/2016/06/finding-your-way-through-microsofts-maze-of-work-and-personal-accounts/
• http://www.markwilson.co.uk/blog/2015/02/microsoft-accounts-vs-microsofts-organizational-accounts.htm