Microsoft Azure Government Onboarding Guide

Updated March 2017

Agenda

1

Stores data within the United States.

Offers a roadmap for meeting rigorous compliance demands (i.e. FedRAMP, CJIS, and HIPAA) of a

government-only cloud.

Provides rich infrastructure, storage, and identity management capabilities delivered through cloud,

on-premises, and hybrid solutions.

Provides a physical and network-isolated instance of Microsoft Azure.

Provides screened U.S. citizens and policies to help protect customer data and applications.

2

Microsoft Azure Government is a government-community cloud that offers hyperscale compute, storage,

networking, and identity management services with world-class security.

Azure Government Hierarchy

Enrollment

Department A

Account A

Subscription 1 Subscription 2

Account B

Subscription 3

Department B

Account C

Subscription 4

Account D

Subscription 5

3

• Enterprise Agreement

• Invoice Level

• Service Layer

• Example:

• Subscription 1 = Dev

• Subscription 2 = Prod

• Provision within Azure Gov AAD

• Example:

• Account A = PM of Project 1

• Account B = PM of Project 2

• Optional layer in the hierarchy

• Example:

• Department A = IT

• Department B = Finance

Azure Government Portals Overview

Enterprise Portalea.azure.com

4

•

•

•

account.windowsazure.us portal.azure.us

•

•

•

•

•

•

•

•

•

• •

•

F

u

n

c

t

i

o

n

S

c

r

e

e

n

s

h

o

t

R

o

l

e

s*Note: The classic version of the Azure Management Portal is still

available at manage.windowsazure.us*

Azure Government Roles & Azure Active Directory (AAD) Associations

Enterprise Admin

5

Enterprise Portal

Department Admin

GOV

AADO365

AAD

GOV

AAD

O365

AAD

GOV

AAD

GOV

AAD

GOV

AAD

GOV

AAD

Note: Additional Role Based Authentication Control (RBAC) roles can be found here

Azure Government Account Overview

Gov

AAD

Enterprise Admin Department Admin

Can be used in all roles in all portals

Can be used only in the Enterprise Portal

6

Microsoft Account

(Live.com, Outlook.com, Hotmail.com)

Not recommended for use in Azure

Government

O365

AAD

7

Azure AAD Considerations On-Premises (Customer) In the cloud

AD on premise

(user@GovDomain.com)

user@AzureGovDomain.onmicrosoft.com

You can connect your on premise Active

Directory to either O365 Azure Active

Directory or Azure Government Azure Active

Directory.

user@O365Domain.onmicrosoft.com

Azure Gov AAD

O365 AAD

OR

Note: When adding a new account owner, the account must be within the Azure Active Directory domain within your Azure Government

environment. See the section below on Adding Users to your Azure Active Directory for details on how to create additional accounts. Also note that

the account will not become Active until that account owner logs in to the Enterprise Portal. Only active accounts can be used to create additional

subscriptions.

Common Order and Provisioning Issues

8

Issue: Submitting an order that has both Azure Government and Azure Commercial

Solution: Azure Government and Azure Commercial must always be on a separate enrollments

Issue: Submitting an order that has the reseller listed as the Online Notices Contact

Solution: When completing the order ensure that the customer is listed as the Online Notices Contact

Issue: Customers are not able to access their Azure Government instance

Solution: There are many reasons why this might happen, but the most common one is that when a customer is new to Azure

Government we need to manually provision their tenant (example: cityofphiladelphia.onmicrosoft.com). Customer

will be notified of this process in the Welcome Email.

Issue: When adding a Enterprise, Department or Account Owner the portal gives an error message “Invalid Account”.

Solution: This is caused because the setting on the Enrollment Tab for “Auth Level” isn’t set to “Work or School Account Cross

Tenant”

Issue: Adding an Enterprise Administrator that is already a Department Administrator (and vice versa).

Solution: The Department Administrator needs to be different, find a backup and make the backup be the Department

Administrator.

Issue: Cannot create an Account Owner

Solution: Ensure your Account Owners are setup within an Azure Government AAD

Enterprise Portal Overview

9

The Enterprise Portal has many functions as seen in the screen shot below. It is where you will Manage access to the following key roles. It is also where you will see Reports for

usage on the enrollment.

Manage Panel

You can move to Department, Account and Subscription level from here.

You can also create and modify Enterprise Admins, Department Admins,

Account Owners and subscriptions

Reports Panel

Shows reports that outline consumption of services in your enrollment.

The amount of details that are available to you are governed by if the

Partner has enabled the option to Show Partner Markup

Enrollment Number

This number to the left under the Windows icon is the Enterprise

Agreement number from your Azure Government enrollment

Notification Panel

Provide updates based on service updates and other communications

relating to your Azure Government instance

Help Panel

Provides self-help tutorials on a variety of topics ranging from how to

Add a new Subscription to how to enable Partner Markup

Enterprise PortalManage Tab

10

Department/Account Setup Methodology

11

Choosing the right set up methodology for your organization is an important first step in setting up your enrollment. How you set up your Departments/Accounts and

Subscriptions will impact how they are administered and how they are reflected on your enterprise level reports. This is now done by adding the account with the Name you

want then creating a Department and associating the account with the Department

Manage - Enrollment Panel OverviewWhen you login to the EA Portal you begin in an Enrollment view for enrollment level details. Here your main tasks are to add others in administrative roles and change any

desired enrollment level settings.

You begin at the enrollment level.

The focus will be highlighted in blue

You can move to Department,

Account and Subscription levelYou can see and add

Enterprise Admins

Hovering over the

headshot icon will allow

you to see your login

credentials and sign out

You can add a

notification

contact here

You can

move to

reporting,

notifications

and Help

views on the

left hand

navigation

panel

Related

accounts is

the same as

the account

view on topPlease note that this Support link will direct you to

Commercial Support. Please submit support requests

directly within the Azure Portal (portal.azure.us)

Feedback can be provided

through the comment icon

12If DA view charges is enabled then Department Admins will be able to see usage.

If AO view charges is enabled then Account Owner will be able to see usage.

Enabling

Marketplace

will give you

access to the

Azure

Government

Marketplace

Add/Edit Enterprise Admins & Notification Contacts

Clicking on the Add buttons will bring slide

outs in from the right side of the screen.

Fill in the action box with appropriate detailsTo focus on a specific Enterprise Admin hover over it. An edit pen and delete icon will appear. Selecting

edit will open a screen to update notifications and selecting the x will open a screen to delete the admin

13

When creating a new Enterprise Admin ensure Auth Level is set to:

“Work or School Account Cross Tenant”

Notification Contacts can added to provide billing/usage

information to identities outside of Azure Government

Read-only role flag for those who can see usage but cannot add/edit roles

Manage - Department Panel OverviewThe Department focus allows you to operate at the department level. The default iconic view uses color to show active departments in green and inactive departments in orange.

If you prefer a list view you can toggle to that view. Clicking on a department brings you to the detail view where you can edit department details

Clicking on the edit pen

opens additional details

Related accounts

will now show

accounts with

the department

focus set

14

Clicking on the

Department will

open a Details

view where you

can view and

edit details

You can add Departments here. Clicking on add will bring a slide out from the

right hand side of the screen with an action box to fill in details.

Default view uses Icons. You

can toggle to a list view here

Filter to show

only active

status items

You can add

Department

Admins here.

Clicking on add

will bring a

slide out from

the right hand

side of the

screen with an

action box to

fill in details.

Manage - Account Panel OverviewThe Account Panel is where you do all things related to Accounts. To manage account details hover over the account until it is highlighted then select from the icons on the right

Status:

Active - if account owner has logged in.

Pending - if account owner has not logged in.

Inactive - if the account owner has been deleted

Auth Type: Shows the

Authentication method required

for each account

Start Date is the date the account owner first

logged in.

End Date is the end of EA contract period

Department is

Unassigned until

set by Enterprise or

Department Admin

15

You can select accounts

across all departments or

filter by department

Filter to remove deleted

accounts from view.

Once deleted they show

as Inactive but remain for

historic billing info. They

can be re-added as well

View My Account opens

the Account Detail screen

where you can edit your

account name for

example

You can see and define Cost Center

at the Department, Account and

Subscription Level

Important information prior to adding Account Owners

16

• The first time you login to the EA Portal as an Account Owner

you will see this warning. It is important to read and

understand because any existing subscriptions that are owned

by this Account Owner are about to be converted and benefits

could be lost

• A Trial Account that is added to an enrollment will lose their

individual monthly Azure credit

• A Sponsored Account that is added to an enrollment will lose

their individual monthly Azure credit

• Azure Commercial Account Owners cannot use the same

identity for Azure Government

Manage Accounts Panel – Add Account OwnersThe Account Panel is where you do all things related to Accounts. To manage account details hover over the account until it is highlighted then select from the icons on the right.

Note: When adding a new account owner, the account must be within the Azure Active Directory domain within your Azure Government environment. See the section below on

Adding Users to your Azure Active Directory for details on how to create additional accounts. Also note that the account will not become Active until that account owner logs in to

the Enterprise Portal. Only active accounts can be used to create additional subscriptions.

17

You can add Accounts here.

Clicking on add will bring a slide

out from the right hand side of

the screen with an action box to

fill in details.

Create or Associate an Account Owner

18

You may create a new Account Owner or associate an existing Account Owner to your enrollment.

Create a New Account – Enter the identity of a new user that you want to be able to create

subscriptions in both the “Email Address” and the “Confirm Email Address” sections. (Please note that

the user must have first been created in the Azure Government Active Directory. For details on how to

do this see the slides below that highlights “Adding Users in Azure Active Directory”)

Associate an Account Owner to an enrollment (common when coming from a Trial of Sponsorship) -

enter the Account Owner email address that you want to associate from a Trial or Sponsorship in the

“Email Address” and the “Confirm Email Address” sections.

Creating a new Account Owner or associating an existing Account Owner requires confirmation of

account ownership. In order to confirm ownership the new Account Owner must sign into the

Enterprise Portal

IMPORTANT NOTICE: The association of an Account and its subscriptions happens on the day the

Account Owner signs into the enterprise portal and thereby confirms association of the account owner

email address. Existing subscriptions transferred to an Enterprise Enrollment will be immediately

transitioned to billing on the Enterprise Enrollment on that day. The Account owner is responsible for

paying any outstanding charges on the payment instrument prior to the association date.

All usage on transferred accounts will be billed based on terms of the Enterprise Enrollment.

Subscriptions that were using a different offer type for payment like Pay As You Go on a credit card will

be converted to Enterprise Offers. The automated process will rename the subscription appending the

words (converted to EA) to the end of the subscription name so that you know it has made that

transition. If an account has subscriptions with special pricing (including no charge services), once

transferred, the account will begin incurring costs based on the terms of the Azure Amendment to the

Enterprise Enrollment

Manage Accounts Panel – Edit Account OwnersSelecting the edit icon brings a pop over where you can change the account name, associate the account with a specific department and set a Cost Center

Hovering over the account reveals

the Action Icons. Options are Edit

Account, Delete Account, Change

Account Owner and Transfer

Subscriptions

19

Clicking on the edit pen opens

this overlaid view.

Manage Accounts Panel – Change Account OwnerThis process will allow you to transfer subscriptions from one account owner to another

20

Clicking on this icon begins the

process of the changing the

Account Owner

The Selection box will highlight

eligible transfer candidates in dark

bold text.

Candidates are made eligible by

being active and having created at

least one subscription.

Please note limitations.

Status will appear at the top of the

window after submission. Transfers

are not instant. If the transfer has

not completed in an hour please

contact support.

Manage Accounts Panel – Transfer SubscriptionsTransfer individual subscriptions from one account owner to another. So if Account A has three subscriptions the Enterprise Admin could transfer one to Account B, one to

Account C and one to Account D.

21

Clicking on this icon begins the

process of the changing the

Account Owner

The Selection box will

show a subscription

list to select from.

Select the target

from the bold dark

eligible destination

accounts.

Continue on to

transfer the

subscription in the

final window.

Status will appear at

the top of the panel.

Manage Accounts Panel – Transfer SubscriptionsWhether doing an ownership change (transferring all subscriptions) or individual subscription transfers, to see the transfer status you will have to first deselect the Active filter to

show subscriptions in non-active statuses. You will also notice that the subscription is in Active Transferring status until the transfer is completed.

22

Remove the check

next to the Active box

Subscription Setup Methodology

23

Creating different subscriptions for each environment (e.g. Production and

Dev/Test) within your applications and assigning a different Service Administrator

and Co-Administrators to each subscription can be used to help control access to

development projects and environments within your organization.

An Account Owner can have one or multiple subscriptions.

Example: Joe has two subscriptions and John has one

Only the Account Owner has the ability to create a subscription. Subscriptions may have any combination of services associated to them.

Manage - Subscriptions Panel OverviewThis view allows you to view or refresh all subscriptions available to you and if you are an account owner add new subscriptions.

Only an Account Owner will

have an add subscription link

Setting a Cost Center

value at the

subscription level can

only be done after

the subscription is

created. To do so,

hover over the

subscription to reveal

the edit icon and

then click on it.

Within the popover

box you can set or

edit the subscription

level Cost Center

24

Clicking on View

Managed

Subscriptions will

allow you to see all

the subscriptions that

you have access

Unchecking this box will show all

inactive subscriptionsFilter by Department and Account

Add a New Subscription

25

When you add a new subscription to your

enrollment from the enterprise portal, you will

be defaulted to the US Government Azure

Enterprise Offer.

When you add an additional subscription you

will need to check the box denoting “This

subscription is governed by your Enterprise

Agreement” then click on Purchase.

Each new subscription will default to the name

US Government Azure Enterprise Offer. It is

best practice to rename to something unique

after it is created so you can identify each

subscription. This renaming is done via the

Account Portal (Please see slide in this deck

titled “Edit Subscription Details”)

Add a New Subscription

26

Subscription creation is completed through the Account Portal and

can take a few minutes.

When it is ready you will see a link to take you to the Management

Portal. You will need to come back to the Account Portal to

customize the subscription name.

Edit Subscription Details

27

Select the desired subscription from the Subscriptions List.

You can edit both the subscription name and Service

Administrator.

• Subscription name should be representative of the

subscription and differentiate it from other subscriptions.

• The Account Owner will be the default Service Administrator

on new subscriptions. Any other identity from within your

Azure Gov AAD tenant can be set as the Service

Administrator.

Next, select Edit Subscription Details from the right hand

navigation menu.

Enterprise PortalReports Tab

28

Reports – Two Key Usage ReportsThese reports will show consumption of services in your enrollment. The amount of details that are available to you varies based on if partner markup is show

29

Usage Summary

Report

This report will only

show if your

Partner has

enabled show

Partner Markup for

your enrollment. It

will show

consumption by

unit as well as

usage charges ($).

Service Usage Report

This report shows consumption by unit but it

does not include actual usage charges ($). If you

would like to see usage charges ($) then you will

need to reach out to your Partner and request

that they publish markup for your Azure

Government enrollment.

Reports – Published Markup PricingThe reports you will see depends on whether your partner is using the Publish Markup feature available to them. You will be able to tell if you Partner is the using the markup

feature by the absence or presence of the Price Sheet and Usage Summary menu items

30

The presence of

these two items

denote that your

Partner has

published

markup pricing

for your

enrollment

Reports – Usage Summary – Monthly ViewThis default monthly view is where you can see a historic graph with the current month or selected month’s data highlighted on the right. If you scroll down you will get a monthly

detail where you can filter by Department, Account and Subscription

Your view focus will be highlighted

in blue. M is the Monthly view and Q is the

Quarterly view. Click to toggle

Charges are

summarized on

the side and color

coded. Green is

spend against a

monetary

commitment, Red

is Overage,

Yellow is charges

billed separately

by invoice.

Graphical summary

shows Monetary

Commitment as a

blue line. Hovering

at the data point

shows the amount

month by month

31

Hover over the month you want to

focus on for details

You can edit the PO number when you

receive an overage notification

Note: To learn more about pricing, billing

and metering, click here.

Service – Each of the Microsoft Azure

services that have been utilized by one or

more subscriptions during the calendar

month

Consumed Units – The amount of service

consumed (hours, GB, etc.), during the

selected month

Unit of Measure – The Unit of Measure

used to calculate charges each month

Unit Price – The commitment pricing per

unit used to calculate monthly charges

Usage Charge – The amount of money

applied against your monetary

commitment

Included Units – The Units consumed that

are included at no cost

Charged Units – The Units consumed that

are billable

Reports – Usage Detail – Monthly View

Scrolling down will show usage and charges by categories in

color coded and labelled sections for: charges against monetary

commitment, charges in overage, charges billed separately

32

Reports – Usage Summary – Quarterly ViewThis quarterly view shows the contract year broken down in quarters with the current quarter highlighted. There is a monthly summary for each quarter and if you scroll down you

will get a monthly detail where you can filter by Department, Account and Subscription

Current quarter highlighted. Click

on other quarters to change the

focus to that quarter

Beginning Balance,

New Purchases,

and Adjustments

show pre-paid

balance. Utilized

shows spend

against that

balance. Service

Overage and

Charges Billed

Separately show

amount billed back

in arrears by

invoice.

Please note that

Charges Billed

Separately are

invoiced separately

and not against the

monetary

commitment balance.

They are billed back

quarterly in arrears.

33

Reports – Usage Summary – Filtered UsageScrolling down show the service usage details and cost by service type and allows you to filter by Service Type, Department, Account and Subscription

34

Two views Charge by Service and Charge by Hierarchy:

Charge by Service is Azure Services, Services Billed Separately,

Charge by Hierarchy is Department, Account and Subscription Level

Your view focus will be

highlighted in blue

Reports – Usage Summary – Filtered UsageScrolling down show the service usage details and cost by service type and allows you to filter by Service Type, Department, Account and Subscription

I have chosen Charge by Hierarchy then the “EcoSystemTest”

Department, then the “Admin@ffsubtestna.onmicrosoft.com”

account, then the “MS-AZR-USGOV-0017P” subscription

Clicking on the Department, Account or Subscription

Name expands the panel for that view.

35

Reports – Download UsageThis is where you can see details in a spreadsheet that provide the lowest level details down to individual virtual machines and storage accounts. The Monthly Usage Detail reports

are pre-pulled with historic month usage and current month to date usage. Enterprise Administrators have the ability to download all account and subscription daily, SKU-level

usage data associated with the Enrollment. Account Owners have the ability to download usage data from subscriptions associated with their account and can only view cost data

if it is enabled by the Enterprise Administrator.

Balance and Charge: shows the usage

summary view of month beginning balance

and charges against that balance

Usage Detail: shows the monthly view of

the detailed daily usage for all accounts and

subscriptions

Price Sheet: shows

historic service prices

36

Reports – Download UsageThis is where you can see details in a spreadsheet that provide the lowest level details down to individual virtual machines and storage accounts for a custom set of accounts and a

custom date range. You can also use the API to pull data programmatically

Selecting the API Access Key focus opens this view, where

you can generate, regenerate, delete and copy API keys

This is the Advanced Report where you can choose a date

range and account set for a custom report

You will be

prompted to

confirm your

actions for

API key

actions when

you click on

the icons

37

Reports – Service Usage ReportWith no Published Markup the only data you will have in the EA portal is usage data. The Download Usage will provide usage at the detailed service level and the Service Usage

Report will provide a month by month usage summary which just indicates relative usage of services at the published unit of measure.

38

Reports – Price SheetThis is where you can see your negotiated prices for each service. Note this list includes all services not just Azure Gov services

Your view focus will be

highlighted in blue.

New in this UI is the ability to

download the price sheet in an

excel spreadsheet

Commitment prices are prices

negotiated against a pre-paid

monetary commitment balance

Overage prices are those in excess

of a monetary commitment

therefore billed back in arrears

Clicking on the

Information

icon will show

the baseline

negotiated rate

and the current

rate. Customers

get the better of

the two rates.

39

To Filter on Azure Gov specific

services. Click on Search and then

type in “GOV”

Reports – Power BI ReportingNote: You must

have a valid Work

or School

Account with

authentication in

Azure Active

Directory (AAD) in

order to use

Power BI.

40

Reports – Power BI Reporting

Default Dashboard:

Customize and drill down by

clicking.

Default Reports: Customize

and drill down by clicking.

Datasets: Update

automatically or can be

refreshed on demand and you

can build your own

Dashboards and Reports from

the dataset.

41

Overage and Quota Threshold Notifications

42

Indirect Enterprise Administrators are automatically enrolled to receive weekly notifications of their total enrollment usage. Emails are also sent to notify customers that their

coverage period date is approaching, enrollment will be disabled and de-provisioned.

Monetary Commitment Balance &

Unbilled Usage:

• The emails provide a usage

summary only. If the partner has

published a markup cost

information is available in Usage

Summary and Download Usage

reports.

• Each Enterprise Administrator has

the ability to change the frequency

of the notification to daily, weekly,

monthly or turn them off

completely.

• A Notification Contact can be

added to receive notifications on

the same frequency or can be set

up independently on their own

schedule

• To modify notification settings:

hover over the admin account and

then select the edit pen on the

right, a popover will appear with

notification settings

Periodic Usage & Lifecycle Email Notifications

43

Lifecycle Email Notifications

44

Enterprise Administrators are automatically enrolled to receive weekly notifications of their remaining monetary commitment balance and any unbilled usage. Emails are also sent

to notify customers that their coverage period date is approaching, enrollment will be Disabled and De-provisioned.

Lifecycle Email Notifications:

• Coverage Period End Date

Approaching Emails are sent to

Enterprise Administrator 60, 30,

7 day prior to the Azure

Amendment Coverage Period

End Date

• Disable and De-provision Date

Approaching: Inform the

Enterprise Administrators on an

enrollment that the coverage

period end date has past by

more than 10 months and that

their Accounts and

Subscriptions will be disabled

after the coverage period end

date has been exceeded by one

full year. Email is sent 60, 30,

15, 7 and 1 days prior to end of

grace period.

Azure Portalportal.azure.us

45

New Portal Classic Portal

http://portal.azure.us

http://manage.windowsazure.us

Resource Manager

Azure Portal vs. Classic Management Portal

46

Azure Management PortalAzure Management Portal OverviewIf you only have a single subscription you can begin deploying by selecting the + NEW button left of the page then selecting the service type you want to configure. If you have

more than one subscription first select the subscription. Panels expand from left to right and get overlaid as you go deeper down the configuration path.

47

Azure Management PortalAny users designated as Global Administrator, including the first user created, can add a user to the Azure Government Active Directory tenant. This step is required before that

user can be added as an Account Owner or Service Admin.

48

Adding Users into the Azure Government AAD

Click on Azure Active Directory If this

option is not one of the default options

click on More Services

Click on Add a user Create the new user

Name:

First and Last Name

User Name: This will need

to be an identity on your

Azure Government tenant

Directory Role:

This is where you will

choose the type of role

that the new user will have

Password: After clicking

on the “Show Password”

box the customer will be

able to see the password

for the new identity

Lastly, click Create

49Adding an Ownership Role to a subscription

First we highly recommend that you gain an understanding of Role Based Access which is an important concept to Azure Subscriptions. To add a co-administrator or ownership

role to a subscription, click on the double head and shoulders icon in the individual subscription panel, then the add button, then select the owner role and the select or search for

the personal Microsoft account or Work or School account you want to add. They must be valid and discoverable before they can be added

49

The Owner role only operates on the Azure Government Portal

Their role includes the ability to:

1) Provision/de-provision azure services within the subscription

2) Manage the other roles within the subscription

3) Open support tickets for issues within the subscription

They do not get any email notification when they are added to a role but they can now access the subscription at

portal.azure.us

Azure Management PortalWe now provide EA service cost estimates based on your EA negotiated service rates for Direct Enrollments and Indirect Enrollments with a published markup, in roles that are

enabled to see costs. In the past what appeared here were List prices.

50

EA Prices in Azure Management Portal

To validate that we are seeing EA

costs for DS1 VM, an image of the

EA Price Sheet is provided, showing

a price of $14.34/100 hours or .1434

per hour times 744 hours (31 days

times 24 hours per day) which

equals approximately $106.69 per

month.

Azure Service Level Help51

Azure Service Level HelpUse the Documentation Icon to go to www.azure.com where there are searchable articles, videos and other helps for understanding and configuring Azure services.

To see documentation about configuring an

azure service or to get support click on the help

and support icon in the upper right corner, the

question mark inside a circle. It will open a Help

and Support Panel pre-populated.

51

Opening a Support RequestChoose the New Support Request Icon or menu item and fill out the needed information in panels. Below is an example of requesting a quota increase for more cores within a

subscription.

At the end you must click on the create button and when

successful you will also get the support ticket number for

your reference. Note: for technical support you must have a

technical support contract in place. If you do not, for EA

customers it is ordered as a line item SKU on a Purchase

Order. See our slide on Support Plan Tiers.

52

Classic Management Portalmanage.windowsazure.us

53

Management Portal Overview

54

Full Service Listing

Name is a field that you can

customize when creating the service

Clicking Subscriptions will show you

the full list of subscriptions that you

have access to modify

manage.windowsazure.us/

Type is denotes the type of service

Status denotes if the service is

actively running or online

Subscription shows the subscription

in which the service currently resides

Location shows which data center

the service is currently hosted at

Click New to start

a new service

This help section will help you

get started with creation,

deployment and configuration

of your services

Add additional users to Azure Active DirectoryAny users designated as Global Administrator, including the first user created, can add a user to the Azure Government Active Directory tenant. This step is required before that

user can be added as an Enterprise Administrator, Account Owner, or Service Admin.

From the left hand side of the portal, select Active Directory

and then select the SubDomainName to be administered.

This provides several management functions for the Azure

Active Directory (AAD) including user management.

From the Users tab, the Global Admin can Add Users, Reset

Passwords, and Delete Users using the buttons on the bottom

of the screen and/or by interacting directly with the user list.

55

Add additional users to Azure Active DirectoryThe portal will step through a series of windows to create the user. Note that the Role of Global Admin provides access to administer the AAD tenant.

The temporary credentials

for the new user can be

sent directly to the user

via plan-text email or are

provided directly to the

admin for distribution as

desired.

NOTE: If you choose to

send the credentials to the

user via the email

function, the email will

contain a link to the

incorrect management

portal. Please be sure your

users use

ttps://manage.windowsaz

ure.us to access the Azure

Gov portal.

56

Adding a co-administrator to a subscription

57

The Co-Admin only operates on the Management Portal

This role includes the ability to:

1) Provision/de-provision azure services within the

subscription

2) Manage the list of co-administrators

They do not receive any email notification when they are

added as a co-admin

Click on Manage administrators

Click on Subscriptions

Adding a co-administrator to a subscription

58

Choose an identity that

you would like to add as

a co-admin then click

on the Edit icon

Click on a subscription that you want the user to have access to as

a co-admin and then click on the checkmark at the bottom right

59

Our Tiered Support Offerings

Find details on our support offerings page:

https://azure.microsoft.com/en-us/support/plans/government/

Support can be purchased through your channel partner.

59

Microsoft Azure Government Support Plans

Summary of User ManagementAdd an identity to your Gov Azure Active Directory (AAD) tenant:

Login to the Management Portal using the credentials provided

Select Active Directory from the tabs on the left navigation

Click on the arrow next to your domain name

Click on Users tab on the upper navigation

Click Add User on the bottom of the screen

Fill out the various fields, clicking next to walk through the process noting the selection of User Role based on the description in the Onboarding Guide

Click Create to create the account and generate a temporary password (note that if you allow the portal to send the credentials directly to a user that the

email will include a link to the commercial management portal by mistake)

Grant an identity for access to the Management Portal and/or Subscriptions:

Login to the Management Portal using the credentials provided

Select Settings from the tabs on the left navigation

Click on Administrators from the upper navigation

Click Add on the bottom of the screen

Enter the identity you would like to add as a Co-Admin and select the subscription(s) to which to add them noting that the identity must first exist in the AAD

tenant per the first set of instructions

Grant an identity for access to the Enterprise Portal:

Login to the Enterprise Portal using the credentials provided

Select Manage from the left navigation and then select the Enrollment panel

Click on Add Administrator

Enter the identity to be added and select the role (Enterprise Admin or Department Admin) noting that the Enrollment Authentication Level should be set to

Work or School Account Cross Tenant.

Add an account to the Enterprise Portal:

Login to the Enterprise Portal using the credentials provided

Select Manage from the left navigation and then select the Account panel

Click on Add Account

Enter the identity to be added noting that the identity must first exist in the AAD tenant per the first set of instructions

Using In-Private browsing in IE or similar functionality in another browser, login to the Enterprise Portal again using the identity just added as an Account

If this identity was also added as an Enterprise or Department Admin, then click on the account name from the list to Activate the account

60

Microsoft Azure Services and Support ResourcesSupport

Microsoft Azure Government Support – Please submit a request directly in the Azure Portal (azure.portal.us)

Helpful Links

Microsoft Azure Enterprise Portal – To view your enterprise level accounts, subscriptions, monetary commitment and overage balances and to create accounts https://ea.azure.com

Microsoft Azure Account Portal – To create additional subscriptions and rename existing subscriptions https://account.windowsazure.us/

Microsoft Azure Management Portal – To deploy and host your applications once you have created a subscription on the Microsoft Azure Enterprise Portal https://manage.windowsazure.us

Service Dashboard – Current status on the health of Microsoft Azure Services can be viewed at the service dashboard at http://azure.microsoft.com/support/service-dashboard/If you wish to receive notifications for interruptions to any of the services, you can subscribe to the respective RSS feeds from that page

Service Level Agreements – To view service level agreements associated with Microsoft Azure services, go to the SLA homepage at http://azure.microsoft.com/support/legal/sla/

Services Deployed in Azure Gov – To view services that have been deployed into the Azure Gov environment, go to the Azure Regions page at http://azure.microsoft.com/regions/#services

© 2016 Microsoft Corporation. All rights reserved. Microsoft, Microsoft Azure, Microsoft Azure logo, Windows Live, and SQL Azure are trademarks of the Microsoft group of companies. All

other trademarks are property of their respective owners. Microsoft makes no warranties, express or implied. You may copy and use this document for your internal, reference purposes only. 61

Appendix for Managed Service Provider (MSP) Enrollments

Partner with

Microsoft sales teams

to develop a go-to-

market strategy

Build a high-quality

relationship with the

end customer

Resell discounts on

Azure Government

and Azure

commercial services

Qualify for additional

sales and service

incentive offers

Access Microsoft

Business Investment

Funds (BIF)

Now that you are part of the Microsoft MSP program, you can open your business to new customer

paths, services, and revenue lines, create a more direct path to government agencies, increase your

overall efficiency, and offer faster delivery of services. Benefits of the program include the following:

62

MSP - Manage Departments PanelThe Department focus allows you to operate at the department level. The new default iconic view uses color to show active departments in green and inactive departments in

orange. If you prefer a list view you can toggle to that view.

Your view focus will be

highlighted in blue

Default view uses

Icons. You can toggle

to a list view here

You can add

Departments

and

Department

Admins here.

Clicking on

add will

bring a slide

out from the

right hand

side of the

screen with

an action

box to fill in

details.

Clicking on the

Department

will open a

Details view

where you can

view and edit

details

Filter to show

only active

status items

MSP Departments are

identified with the

MSP badge

63

MSP - Add DepartmentAs an MSP enrollment when you add a department there is additional information needed for each department you define as an MSP department

When you click the add department button and

select yes for MSP the information items will

below it will appear.

***If you do not see the MSP option, then you will

need to fill in a Support Request

(http://aka.ms/azuregovsupport) to setup your

tenant as an MSP***

Although all

other fields

are optional

there may be

important

fields for

your use in

managing

MSP

departments

Contact Information has required fields with are noted with an *

It is important that the Company Name and Address are

recognizable by Microsoft for internal reporting purposes

64