Can you use an AAD user id to access the Azure portals

  • Question

  • I've created some Microsoft Live accounts for managing my Azure subscriptions (I've got five).  I can log in using, for example, joe@mycompany.com and manage my web services using the public portal. I think I've got the hang of Azure Active Directory and the Domain Services that go along with it. So now I'm wondering, can I associate my domain ('mycompany.com') with an Azure Active Directory in my corporate portal, add my user 'joe' to it, and use 'joe@mycompany.com' to sign into the portal?  That is, will the Azure Portals use Azure Active Directory for logins?
    Saturday, February 25, 2017 10:36 PM

All replies

  • Yes, absolutely. In a production environment you would prefer this also, since you would get centralized identity and management around your services.

    Want to recommend this article for you: https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-what-is

    It goes into detail on this topic, and is a great starting point.

    Hope this answered your question :)


    /Anders Eide


    Sunday, February 26, 2017 5:20 PM
  • Well, it's an answer, but it doesn't seem to agree with what the portal is telling me.  I have an Azure Active directory which is tied to my domain (darkbond.com).  I have a user in there called Engineering.  I also have an account on Microsoft live with the same address (Engineering@darkbond.com).  When I log into Azure, it sees the two authentication services that handle the darkbond.com domain (that is, it sees Microsoft Account and my corporate AAD) and gives me the option of selecting a Work or School address (my corporate AAD) or an address created by me (Microsoft Account).  When I log in with my Microsoft account, I see the user 'Engineering@darkbond.com' in the upper right and I'm able to see the subscription.  When I log in with my corporate AAD account, I see the user name 'Engineering@darkbond.com' in the upper right but no subscriptions are associated with the account.  Same user name in both scenarios, but the portal is somehow able to figure out what directory is hosting the user credentials.  Any ideas how to tie the subscription to the AAD user credentials?
    • Edited by DRAirey1 Sunday, February 26, 2017 6:51 PM
    Sunday, February 26, 2017 6:50 PM
  • I understand. Sounds like you have added a work address to your Microsoft Account, something that is really not recommended. Please have a look at this post to see why :) https://blogs.technet.microsoft.com/enterprisemobility/2016/09/15/cleaning-up-the-azure-ad-and-microsoft-account-overlap/

    To solve this is quite easy, but if it's your first time it might feel a bit shaky, so try the following.

    1. Add a new work account to your Azure AD, and assign the new account the Account and Service Administrator role at https://account.windowsazure.com. This way, we are sure that you won't lose access, and the next step feels a lot safer.
    2. As recommended in the article I linked above, go ahead and rename your personal Microsoft Account to not use your work address anymore. https://support.microsoft.com/en-us/help/11545/microsoft-account-rename-your-personal-account. This process may take up to 48 hours to complete.
    3. Now, you have cleaned up, and should be able to add your engineering@darkbond.com to the subscriptions admin roles, without the risk of assigning it to a Microsoft Account instead.

    Just make note that you need to use the new sign-in address for your Microsoft Account when you sign in to personal services hereafter, and that you might have to sign in again in some services connected to that one.

     

    /Anders Eide


    Monday, February 27, 2017 5:19 PM
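
Added example, not part of the original thread: the follow-up above notes that one user name signs in through two different directories. Assuming the sign-ins yield Microsoft identity platform v2.0 ID tokens, the `tid` claim tells the two apart; the tokens, the work tenant ID, the `ops@darkbond.com` address and the helper names below are constructed for illustration.

```python
import base64
import json
from collections import defaultdict

# Tenant ID the Microsoft identity platform uses for personal Microsoft accounts.
MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"
# Constructed placeholder standing in for the corporate Azure AD tenant ID.
WORK_TENANT_ID = "00000000-0000-0000-0000-000000000001"

def make_unsigned_token(claims):
    """Build a constructed, unsigned JWT-shaped string (sample input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "none", "typ": "JWT"})
    return header + "." + enc(claims) + "."

def read_claims(token):
    """Decode the payload for inspection. No signature check is done here,
    so the result must not drive an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def account_type(claims):
    """Classify the issuing directory from the tid claim."""
    tid = str(claims.get("tid", "")).lower()
    if not tid:
        return "unknown"
    return "microsoft-account" if tid == MSA_TENANT_ID else "work-or-school"

def find_overlaps(tokens):
    """Return user names seen with both a personal and a work identity."""
    kinds = defaultdict(set)
    for token in tokens:
        claims = read_claims(token)
        kinds[claims.get("preferred_username", "").lower()].add(account_type(claims))
    both = {"microsoft-account", "work-or-school"}
    return sorted(name for name, seen in kinds.items() if both <= seen)

# Constructed sample sign-ins: one address backed by two directories, one by a single directory.
SAMPLE_TOKENS = [
    make_unsigned_token({"preferred_username": "Engineering@darkbond.com", "tid": MSA_TENANT_ID}),
    make_unsigned_token({"preferred_username": "Engineering@darkbond.com", "tid": WORK_TENANT_ID}),
    make_unsigned_token({"preferred_username": "ops@darkbond.com", "tid": WORK_TENANT_ID}),
]
```

Calling `find_overlaps(SAMPLE_TOKENS)` lists the addresses that exist as both a Microsoft Account and a work account, which are the ones the rename in step 2 is meant to clean up.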