You must use a personal microsoft address to activate a sponsored Azure Pass (outlook.com, live.com etc). Do not use an address associated with an enterprise microsoft tenant.
💡 Only one person in each team needs to do this.
Activate your pass at https://aka.ms/azurepass.
Below, we will walk through
- a basic Azure Orientation
- Azure Tenant setup for your team
- Azure Subscription configuration for the things we want to explore
On activation of an Azure Pass, a new subscription is created (yellow). A subscription can only exist within a Tenant. Usually an organisation will have only one tenant, but it may have many subscriptions.
So for the purpose of the Azure Pass, a dummy organisation will have been created on activation, usually named 'Default Directory', with an associated domain of <name>.onmicrosoft.com for its users.
1 Organisation : 1 Tenant : 1 Directory (of users)
Further reading
- Taking the Azure estate further (below)
To use an azure pass tenant and subscription with multiple users, such as the members of a hack team, follow these steps:
For users that already have an email they use elsewhere with Microsoft or Azure (this could be your work email), give them guest access to the tenant: MSLearn: Invite a guest user
Guest users must accept an invitation that they will receive by email, and can then log in at portal.azure.com with their own email.
Note: Guest users will need to switch directory after logging in.
For users that would like to have a new identity owned by this tenant, create a new user: MSLearn: Create a new user
Note: you can add members on creation of the group in a single step - find the
select memberslink on the group creation page.
In this example, for the purpose of a hack with an Azure Pass subscription, we will give the group comprehensive permissions to act on everything at the subscription level and within that.
This also means we can proceed with this step before creating further resources within the subscription.
Follow the instructions below, with two modifications:
-
Instead of selecting the
Ownerrole, selectContributor -
Instead of selecting a single user, select
the group created above.MSLearn: Assign administrative roles at the subscription level
Before specific resources can be provisioned, the relevant providers have to be registered at the subscription level.
Navigate to the Resource providers pane of the subscription in the portal, and register:
-
Microsoft.MachineLearning
Please note the following when working within an Azure Pass sponsored supscription:
⚠️ Default compute quotas mean there is limited allowance for Azure Machine Learning VMs per region (a workspace resides in a particular region).- use max 3 2-core compute instances for three users or teams of pair programmers working interactively (e.g. 3 DS11 machines) *OR* 1 DS12 machine for more intensive processing - use 1 cluster of 4 F4 machines to explore multi-user clusters for job submission - use 1 cluster of 1 NC6 machine to explore submission of GPU jobs
⚠️ Note that the Azure Pass subscriptions are not enabled for provisioning the Azure OpenAI Service.
See also documentation about established patterns that use subscriptions for a best-practice decentralised model based on Landing zones for isolated workloads in larger enterprises.
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/enterprise-scale/