Microsoft Azure Government Onboarding Guide Updated October 2016

Agenda

1

Microsoft Azure Government is a government-community cloud that offers hyperscale compute, storage, networking, and identity management services with world-class security. Provides a physical and network-isolated instance of Microsoft Azure. Offers a roadmap for meeting rigorous compliance demands (i.e. FedRAMP, CJIS, and HIPAA) of a government-only cloud. Provides rich infrastructure, storage, and identity management capabilities delivered through cloud, on-premises, and hybrid solutions. Stores data within the United States. Provides screened U.S. citizens and policies to help protect customer data and applications.

2

Azure Government Hierarchy Enrollment

• Enterprise Agreement • Invoice Level

• Optional layer in the hierarchy • Example: • Department A = IT • Department B = Finance • •

Provision within Azure Gov AAD Example: • Account A = PM of Project 1 • Account B = PM of Project 2

• •

Service Layer Example: • Subscription 1 = Dev • Subscription 2 = Prod

Department A

Account A

Subscription 1

Subscription 2

Department B

Account B

Account C

Account D

Subscription 3

Subscription 4

Subscription 5

3

Azure Government Portals Overview Enterprise Portal ea.azure.com F u n c t i o n

• •

account.windowsazure.us

portal.azure.us

•

•

•

•

•

•

•

S c r e e n s h o t

R o l e s

• • •

•

• • *Note: The classic version of the Azure Management Portal is still available at manage.windowsazure.us*

4

Azure Government Roles & Azure Active Directory (AAD) Associations Enterprise Portal

Enterprise Admin

GOV AAD

O365 AAD

Department Admin

GOV AAD

O365 AAD

GOV AAD

GOV AAD

GOV AAD

GOV AAD

Note: Additional Role Based Authentication Control (RBAC) roles can be found here

5

Azure Government Account Overview

Gov AAD

Microsoft Account (Live.com, Outlook.com, Hotmail.com)

O365 AAD

Enterprise Admin

Department Admin

Not recommended for use in Azure Government

Can be used only in the Enterprise Portal

Can be used in all roles in all portals

6

Azure AAD Considerations You can connect your on premise Active Directory to either O365 Azure Active Directory or Azure Government Azure Active Directory.

On-Premises (Customer)

In the cloud

O365 AAD

AD on premise ([email protected])

OR

[email protected]

Azure Gov AAD [email protected]

Note: When adding a new account owner, the account must be within the Azure Active Directory domain within your Azure Government environment. See the section below on Adding Users to your Azure Active Directory for details on how to create additional accounts. Also note that the account will not become Active until that account owner logs in to the Enterprise Portal. Only active accounts can be used to create additional subscriptions. 7

Common Order and Provisioning Issues Issue: Submitting an order that has both Azure Government and Azure Commercial Solution: Azure Government and Azure Commercial must always be on a separate enrollments Issue: Submitting an order that has the reseller listed as the Online Notices Contact Solution: When completing the order ensure that the customer is listed as the Online Notices Contact Issue: Customers are not able to access their Azure Government instance Solution: There are many reasons why this might happen, but the most common one is that when a customer is new to Azure Government we need to manually provision their tenant (example: cityofphiladelphia.onmicrosoft.com). Customer will be notified of this process in the Welcome Email. Issue: When adding a Enterprise, Department or Account Owner the portal gives an error message “Invalid Account”. Solution: This is caused because the setting on the Enrollment Tab for “Auth Level” isn’t set to “Work or School Account Cross Tenant” Issue: Adding an Enterprise Administrator that is already a Department Administrator (and vice versa). Solution: The Department Administrator needs to be different, find a backup and make the backup be the Department Administrator. Issue: Cannot create an Account Owner Solution: Ensure your Account Owners are setup within an Azure Government AAD 8

Enterprise Portal Overview The Enterprise Portal has many functions as seen in the screen shot below. It is where you will Manage access to the following key roles. It is also where you will see Reports for usage on the enrollment. Enrollment Number This number to the left under the Windows icon is the Enterprise Agreement number from your Azure Government enrollment Manage Panel You can move to Department, Account and Subscription level from here. You can also create and modify Enterprise Admins, Department Admins, Account Owners and subscriptions Reports Panel Shows reports that outline consumption of services in your enrollment. The amount of details that are available to you are governed by if the Partner has enabled the option to Show Partner Markup Notification Panel Provide updates based on service updates and other communications relating to your Azure Government instance

Help Panel Provides self-help tutorials on a variety of topics ranging from how to Add a new Subscription to how to enable Partner Markup

9

Enterprise Portal Manage Tab

10

Department/Account Setup Methodology Choosing the right set up methodology for your organization is an important first step in setting up your enrollment. How you set up your Departments/Accounts and Subscriptions will impact how they are administered and how they are reflected on your enterprise level reports. This is now done by adding the account with the Name you want then creating a Department and associating the account with the Department

11

Manage - Enrollment Panel Overview When you login to the EA Portal you begin in an Enrollment view for enrollment level details. Here your main tasks are to add others in administrative roles and change any desired enrollment level settings. Hovering over the headshot icon will allow You can move to Department, Feedback can be provided You begin at the enrollment level. You can see and add you to see your login Account and Subscription level through the comment icon The focus will be highlighted in blue Enterprise Admins credentials and sign out You can move to reporting, notifications and Help views on the left hand navigation panel Enabling Marketplace will give you access to the Azure Government Marketplace

You can add a notification contact here

Related accounts is the same as the account view on top If DA view charges is enabled then Department Admins will be able to see usage. If AO view charges is enabled then Account Owner will be able to see usage.

Please note that this Support link will direct you to Commercial Support. Please submit support requests directly within the Azure Portal (portal.azure.us)

12

Add/Edit Enterprise Admins & Notification Contacts When creating a new Enterprise Admin ensure Auth Level is set to: “Work or School Account Cross Tenant”

Read-only role flag for those who can see usage but cannot add/edit roles

Notification Contacts can added to provide billing/usage information to identities outside of Azure Government To focus on a specific Enterprise Admin hover over it. An edit pen and delete icon will appear. Selecting edit will open a screen to update notifications and selecting the x will open a screen to delete the admin

Clicking on the Add buttons will bring slide outs in from the right side of the screen. Fill in the action box with appropriate details 13

Manage - Department Panel Overview The Department focus allows you to operate at the department level. The default iconic view uses color to show active departments in green and inactive departments in orange. If you prefer a list view you can toggle to that view. Clicking on a department brings you to the detail view where you can edit department details

Default view uses Icons. You can toggle to a list view here

You can add Departments here. Clicking on add will bring a slide out from the right hand side of the screen with an action box to fill in details.

Clicking on the Department will open a Details view where you can view and edit details You can add Department Admins here.

Related accounts will now show accounts with the department focus set

Clicking on the edit pen opens additional details

Filter to show only active status items

Clicking on add will bring a slide out from the right hand side of the screen with an action box to fill in details.

14

Manage - Account Panel Overview The Account Panel is where you do all things related to Accounts. To manage account details hover over the account until it is highlighted then select from the icons on the right You can select accounts across all departments or filter by department

Auth Type: Shows the Authentication method required for each account

Status: Active - if account owner has logged in. Pending - if account owner has not logged in. Inactive - if the account owner has been deleted

Start Date is the date the account owner first logged in. End Date is the end of EA contract period

Filter to remove deleted accounts from view. Once deleted they show as Inactive but remain for historic billing info. They can be re-added as well View My Account opens the Account Detail screen where you can edit your account name for example You can see and define Cost Center at the Department, Account and Subscription Level Department is Unassigned until set by Enterprise or Department Admin 15

Important information prior to adding Account Owners •

The first time you login to the EA Portal as an Account Owner you will see this warning. It is important to read and understand because any existing subscriptions that are owned by this Account Owner are about to be converted and benefits could be lost

•

A Trial Account that is added to an enrollment will lose their individual monthly Azure credit

•

A Sponsored Account that is added to an enrollment will lose their individual monthly Azure credit

•

Azure Commercial Account Owners cannot use the same identity for Azure Government

16

Manage Accounts Panel – Add Account Owners The Account Panel is where you do all things related to Accounts. To manage account details hover over the account until it is highlighted then select from the icons on the right. Note: When adding a new account owner, the account must be within the Azure Active Directory domain within your Azure Government environment. See the section below on Adding Users to your Azure Active Directory for details on how to create additional accounts. Also note that the account will not become Active until that account owner logs in to the Enterprise Portal. Only active accounts can be used to create additional subscriptions.

You can add Accounts here. Clicking on add will bring a slide out from the right hand side of the screen with an action box to fill in details.

17

Create or Associate an Account Owner You may create a new Account Owner or associate an existing Account Owner to your enrollment. Create a New Account – Enter the identity of a new user that you want to be able to create subscriptions in both the “Email Address” and the “Confirm Email Address” sections. (Please note that the user must have first been created in the Azure Government Active Directory. For details on how to do this see the slides below that highlights “Adding Users in Azure Active Directory”) Associate an Account Owner to an enrollment (common when coming from a Trial of Sponsorship) enter the Account Owner email address that you want to associate from a Trial or Sponsorship in the “Email Address” and the “Confirm Email Address” sections. Creating a new Account Owner or associating an existing Account Owner requires confirmation of account ownership. In order to confirm ownership the new Account Owner must sign into the Enterprise Portal IMPORTANT NOTICE: The association of an Account and its subscriptions happens on the day the Account Owner signs into the enterprise portal and thereby confirms association of the account owner email address. Existing subscriptions transferred to an Enterprise Enrollment will be immediately transitioned to billing on the Enterprise Enrollment on that day. The Account owner is responsible for paying any outstanding charges on the payment instrument prior to the association date. All usage on transferred accounts will be billed based on terms of the Enterprise Enrollment. Subscriptions that were using a different offer type for payment like Pay As You Go on a credit card will be converted to Enterprise Offers. The automated process will rename the subscription appending the words (converted to EA) to the end of the subscription name so that you know it has made that transition. If an account has subscriptions with special pricing (including no charge services), once transferred, the account will begin incurring costs based on the terms of the Azure Amendment to the Enterprise Enrollment

18

Manage Accounts Panel – Edit Account Owners Selecting the edit icon brings a pop over where you can change the account name, associate the account with a specific department and set a Cost Center

Hovering over the account reveals the Action Icons. Options are Edit Account, Delete Account, Change Account Owner and Transfer Subscriptions

Clicking on the edit pen opens this overlaid view.

19

Manage Accounts Panel – Change Account Owner This process will allow you to transfer subscriptions from one account owner to another

Clicking on this icon begins the process of the changing the Account Owner

The Selection box will highlight eligible transfer candidates in dark bold text. Candidates are made eligible by being active and having created at least one subscription. Please note limitations. Status will appear at the top of the window after submission. Transfers are not instant. If the transfer has not completed in an hour please contact support.

20

Manage Accounts Panel – Transfer Subscriptions Transfer individual subscriptions from one account owner to another. So if Account A has three subscriptions the Enterprise Admin could transfer one to Account B, one to Account C and one to Account D. Clicking on this icon begins the process of the changing the Account Owner

The Selection box will show a subscription list to select from. Select the target from the bold dark eligible destination accounts. Continue on to transfer the subscription in the final window. Status will appear at the top of the panel. 21

Manage Accounts Panel – Transfer Subscriptions Whether doing an ownership change (transferring all subscriptions) or individual subscription transfers, to see the transfer status you will have to first deselect the Active filter to show subscriptions in non-active statuses. You will also notice that the subscription is in Active Transferring status until the transfer is completed.

Remove the check next to the Active box

22

Subscription Setup Methodology Only the Account Owner has the ability to create a subscription. Subscriptions may have any combination of services associated to them. An Account Owner can have one or multiple subscriptions. Example: Joe has two subscriptions and John has one

Creating different subscriptions for each environment (e.g. Production and Dev/Test) within your applications and assigning a different Subscription Administrators and Co-Administrators to each subscription can be used to help control access to development projects and environments within your organization.

23

Manage - Subscriptions Panel Overview This view allows you to view or refresh all subscriptions available to you and if you are an account owner add new subscriptions.

Filter by Department and Account

Unchecking this box will show all inactive subscriptions

Only an Account Owner will have an add subscription link

Clicking on View Managed Subscriptions will allow you to see all the subscriptions that you have access

Setting a Cost Center value at the subscription level can only be done after the subscription is created. To do so, hover over the subscription to reveal the edit icon and then click on it. Within the popover box you can set or edit the subscription level Cost Center 24

Add a New Subscription When you add a new subscription to your enrollment from the enterprise portal, you will be defaulted to the US Government Azure Enterprise Offer. When you add an additional subscription you will need to check the box denoting “This subscription is governed by your Enterprise Agreement” then click on Purchase. Each new subscription will default to the name US Government Azure Enterprise Offer. It is best practice to rename to something unique after it is created so you can identify each subscription. This renaming is done via the Account Portal (Please see slide in this deck titled “Edit Subscription Details”)

25

Add a New Subscription When it is ready you will see a link to take you to the Management Portal. You will need to come back to the Account Portal to customize the subscription name.

Subscription creation is completed through the Account Portal and can take a few minutes.

26

Edit Subscription Details Select the desired subscription from the Subscriptions List. You can edit both the subscription name and Service Administrator.​ •

Subscription name should be representative of the subscription and differentiate it from other subscriptions.​

•

The Account Owner will be the default Service Administrator on new subscriptions. Any other identity from within your Azure Gov AAD tenant can be set as the Service Administrator. ​

Next, select Edit Subscription Details from the right hand navigation menu.

27

Enterprise Portal Reports Tab

28

Reports – Two Key Usage Reports These reports will show consumption of services in your enrollment. The amount of details that are available to you varies based on if partner markup is show

Usage Summary Report This report will only show if your Partner has enabled show Partner Markup for your enrollment. It will show consumption by unit as well as usage charges ($).

Service Usage Report This report shows consumption by unit but it does not include actual usage charges ($). If you would like to see usage charges ($) then you will need to reach out to your Partner and request that they publish markup for your Azure Government enrollment.

29

Reports – Published Markup Pricing The reports you will see depends on whether your partner is using the Publish Markup feature available to them. You will be able to tell if you Partner is the using the markup feature by the absence or presence of the Price Sheet and Usage Summary menu items

The presence of these two items denote that your Partner has published markup pricing for your enrollment

30

Reports – Usage Summary – Monthly View This default monthly view is where you can see a historic graph with the current month or selected month’s data highlighted on the right. If you scroll down you will get a monthly detail where you can filter by Department, Account and Subscription Your view focus will be highlighted in blue.

Graphical summary shows Monetary Commitment as a blue line. Hovering at the data point shows the amount month by month

Hover over the month you want to focus on for details

You can edit the PO number when you receive an overage notification

M is the Monthly view and Q is the Quarterly view. Click to toggle

Charges are summarized on the side and color coded. Green is spend against a monetary commitment, Red is Overage, Yellow is charges billed separately by invoice.

31

Reports – Usage Detail – Monthly View

Service – Each of the Microsoft Azure services that have been utilized by one or more subscriptions during the calendar month Unit of Measure – The Unit of Measure used to calculate charges each month Consumed Units – The amount of service consumed (hours, GB, etc.), during the selected month Included Units – The Units consumed that are included at no cost Charged Units – The Units consumed that are billable Unit Price – The commitment pricing per unit used to calculate monthly charges

Scrolling down will show usage and charges by categories in color coded and labelled sections for: charges against monetary commitment, charges in overage, charges billed separately

Note: To learn more about pricing, billing and metering, click here.

Usage Charge – The amount of money applied against your monetary commitment

32

Reports – Usage Summary – Quarterly View This quarterly view shows the contract year broken down in quarters with the current quarter highlighted. There is a monthly summary for each quarter and if you scroll down you will get a monthly detail where you can filter by Department, Account and Subscription

Current quarter highlighted. Click on other quarters to change the focus to that quarter

Beginning Balance, New Purchases, and Adjustments show pre-paid balance. Utilized shows spend against that balance. Service Overage and Charges Billed Separately show amount billed back in arrears by invoice.

Please note that Charges Billed Separately are invoiced separately and not against the monetary commitment balance. They are billed back quarterly in arrears.

33

Reports – Usage Summary – Filtered Usage Scrolling down show the service usage details and cost by service type and allows you to filter by Service Type, Department, Account and Subscription

Your view focus will be highlighted in blue

Two views Charge by Service and Charge by Hierarchy: Charge by Service is Azure Services, Services Billed Separately, Charge by Hierarchy is Department, Account and Subscription Level

34

Reports – Usage Summary – Filtered Usage Scrolling down show the service usage details and cost by service type and allows you to filter by Service Type, Department, Account and Subscription

I have chosen Charge by Hierarchy then the “EcoSystemTest” Department, then the “[email protected]” account, then the “MS-AZR-USGOV-0017P” subscription

Clicking on the Department, Account or Subscription Name expands the panel for that view. 35

Reports – Download Usage This is where you can see details in a spreadsheet that provide the lowest level details down to individual virtual machines and storage accounts. The Monthly Usage Detail reports are pre-pulled with historic month usage and current month to date usage. Enterprise Administrators have the ability to download all account and subscription daily, SKU-level usage data associated with the Enrollment. Account Owners have the ability to download usage data from subscriptions associated with their account and can only view cost data if it is enabled by the Enterprise Administrator. Balance and Charge: shows the usage summary view of month beginning balance and charges against that balance

Usage Detail: shows the monthly view of the detailed daily usage for all accounts and subscriptions

Price Sheet: shows historic service prices 36

Reports – Download Usage This is where you can see details in a spreadsheet that provide the lowest level details down to individual virtual machines and storage accounts for a custom set of accounts and a custom date range. You can also use the API to pull data programmatically

This is the Advanced Report where you can choose a date range and account set for a custom report Selecting the API Access Key focus opens this view, where you can generate, regenerate, delete and copy API keys

You will be prompted to confirm your actions for API key actions when you click on the icons

37

Reports – Service Usage Report With no Published Markup the only data you will have in the EA portal is usage data. The Download Usage will provide usage at the detailed service level and the Service Usage Report will provide a month by month usage summary which just indicates relative usage of services at the published unit of measure.

38

Reports – Price Sheet This is where you can see your negotiated prices for each service. Note this list includes all services not just Azure Gov services

Your view focus will be highlighted in blue.

New in this UI is the ability to download the price sheet in an excel spreadsheet

To Filter on Azure Gov specific services. Click on Search and then type in “GOV”

Clicking on the Information icon will show the baseline negotiated rate and the current rate. Customers get the better of the two rates.

Commitment prices are prices negotiated against a pre-paid monetary commitment balance

Overage prices are those in excess of a monetary commitment therefore billed back in arrears 39

Reports – Power BI Reporting Note: You must have a valid Work or School Account with authentication in Azure Active Directory (AAD) in order to use Power BI.

40

Reports – Power BI Reporting Default Dashboard: Customize and drill down by clicking. Default Reports: Customize and drill down by clicking. Datasets: Update automatically or can be refreshed on demand and you can build your own Dashboards and Reports from the dataset.

41

Overage and Quota Threshold Notifications Indirect Enterprise Administrators are automatically enrolled to receive weekly notifications of their total enrollment usage. Emails are also sent to notify customers that their coverage period date is approaching, enrollment will be disabled and de-provisioned. Monetary Commitment Balance & Unbilled Usage: •

The emails provide a usage summary only. If the partner has published a markup cost information is available in Usage Summary and Download Usage reports.

•

Each Enterprise Administrator has the ability to change the frequency of the notification to daily, weekly, monthly or turn them off completely.

•

A Notification Contact can be added to receive notifications on the same frequency or can be set up independently on their own schedule

•

To modify notification settings: hover over the admin account and then select the edit pen on the right, a popover will appear with notification settings

42

Periodic Usage & Lifecycle Email Notifications

43

Lifecycle Email Notifications Enterprise Administrators are automatically enrolled to receive weekly notifications of their remaining monetary commitment balance and any unbilled usage. Emails are also sent to notify customers that their coverage period date is approaching, enrollment will be Disabled and De-provisioned.

Lifecycle Email Notifications: •

Coverage Period End Date Approaching Emails are sent to Enterprise Administrator 60, 30, 7 day prior to the Azure Amendment Coverage Period End Date

•

Disable and De-provision Date Approaching: Inform the Enterprise Administrators on an enrollment that the coverage period end date has past by more than 10 months and that their Accounts and Subscriptions will be disabled after the coverage period end date has been exceeded by one full year. Email is sent 60, 30, 15, 7 and 1 days prior to end of grace period.

44

Azure Portal portal.azure.us

45

Azure Portal vs. Classic Management Portal http://portal.azure.us http://manage.windowsazure.us Resource Manager

New Portal

Classic Portal

46

Azure Management Portal Overview Azure Management Portal

If you only have a single subscription you can begin deploying by selecting the + NEW button left of the page then selecting the service type you want to configure. If you have more than one subscription first select the subscription. Panels expand from left to right and get overlaid as you go deeper down the configuration path.

47

EAAzure PricesManagement in Azure Management Portal Portal

We now provide EA service cost estimates based on your EA negotiated service rates for Direct Enrollments and Indirect Enrollments with a published markup, in roles that are enabled to see costs. In the past what appeared here were List prices.

To validate that we are seeing EA costs for DS1 VM, an image of the EA Price Sheet is provided, showing a price of $14.34/100 hours or .1434 per hour times 744 hours (31 days times 24 hours per day) which equals approximately $106.69 per month.

48

49

Adding an Ownership Role to a subscription

First we highly recommend that you gain an understanding of Role Based Access which is an important concept to Azure Subscriptions. To add a co-administrator or ownership role to a subscription, click on the double head and shoulders icon in the individual subscription panel, then the add button, then select the owner role and the select or search for the personal Microsoft account or Work or School account you want to add. They must be valid and discoverable before they can be added

The Owner role only operates on the Azure Government Portal Their role includes the ability to: 1) Provision/de-provision azure services within the subscription 2) Manage the other roles within the subscription 3) Open support tickets for issues within the subscription They do not get any email notification when they are added to a role but they can now access the subscription at portal.azure.us 49

50

Azure Service Level Help Azure Service Level Help

Use the Documentation Icon to go to www.azure.com where there are searchable articles, videos and other helps for understanding and configuring Azure services.

To see documentation about configuring an azure service or to get support click on the help and support icon in the upper right corner, the question mark inside a circle. It will open a Help and Support Panel pre-populated.

50

Opening a Support Request Choose the New Support Request Icon or menu item and fill out the needed information in panels. Below is an example of requesting a quota increase for more cores within a subscription.

At the end you must click on the create button and when successful you will also get the support ticket number for your reference. Note: for technical support you must have a technical support contract in place. If you do not, for EA customers it is ordered as a line item SKU on a Purchase Order. See our slide on Support Plan Tiers. 51

Classic Management Portal manage.windowsazure.us

52

Management Portal Overview manage.windowsazure.us/ Clicking Subscriptions will show you the full list of subscriptions that you have access to modify Name is a field that you can customize when creating the service Type is denotes the type of service Status denotes if the service is actively running or online

Full Service Listing

Subscription shows the subscription in which the service currently resides Location shows which data center the service is currently hosted at

Click New to start a new service

This help section will help you get started with creation, deployment and configuration of your services 53

Add additional users to Azure Active Directory Any users designated as Global Administrator, including the first user created, can add a user to the Azure Government Active Directory tenant. This step is required before that user can be added as an Enterprise Administrator, Account Owner, or Service Admin.

From the left hand side of the portal, select Active Directory and then select the SubDomainName to be administered.

This provides several management functions for the Azure Active Directory (AAD) including user management.

From the Users tab, the Global Admin can Add Users, Reset Passwords, and Delete Users using the buttons on the bottom of the screen and/or by interacting directly with the user list. 54

Add additional users to Azure Active Directory The portal will step through a series of windows to create the user. Note that the Role of Global Admin provides access to administer the AAD tenant.

The temporary credentials for the new user can be sent directly to the user via plan-text email or are provided directly to the admin for distribution as desired. NOTE: If you choose to send the credentials to the user via the email function, the email will contain a link to the incorrect management portal. Please be sure your users use ttps://manage.windowsaz ure.us to access the Azure Gov portal.

55

Adding a co-administrator to a subscription The Co-Admin only operates on the Management Portal

Click on Subscriptions

This role includes the ability to: 1) Provision/de-provision azure services within the subscription 2) Manage the list of co-administrators

They do not receive any email notification when they are added as a co-admin

Click on Manage administrators 56

Adding a co-administrator to a subscription Click on a subscription that you want the user to have access to as a co-admin and then click on the checkmark at the bottom right

Choose an identity that you would like to add as a co-admin then click on the Edit icon

57

58

Microsoft Azure Government Support Plans Our Tiered Support Offerings Support can be purchased through your channel partner.

Find details on our support offerings page: https://azure.microsoft.com/en-us/support/plans/government/ 58

Summary of User Management Add an identity to your Gov Azure Active Directory (AAD) tenant: Login to the Management Portal using the credentials provided Select Active Directory from the tabs on the left navigation Click on the arrow next to your domain name Click on Users tab on the upper navigation Click Add User on the bottom of the screen Fill out the various fields, clicking next to walk through the process noting the selection of User Role based on the description in the Onboarding Guide Click Create to create the account and generate a temporary password (note that if you allow the portal to send the credentials directly to a user that the email will include a link to the commercial management portal by mistake) Grant an identity for access to the Management Portal and/or Subscriptions: Login to the Management Portal using the credentials provided Select Settings from the tabs on the left navigation Click on Administrators from the upper navigation Click Add on the bottom of the screen Enter the identity you would like to add as a Co-Admin and select the subscription(s) to which to add them noting that the identity must first exist in the AAD tenant per the first set of instructions Grant an identity for access to the Enterprise Portal: Login to the Enterprise Portal using the credentials provided Select Manage from the left navigation and then select the Enrollment panel Click on Add Administrator Enter the identity to be added and select the role (Enterprise Admin or Department Admin) noting that the Enrollment Authentication Level should be set to Work or School Account Cross Tenant. Add an account to the Enterprise Portal: Login to the Enterprise Portal using the credentials provided Select Manage from the left navigation and then select the Account panel Click on Add Account Enter the identity to be added noting that the identity must first exist in the AAD tenant per the first set of instructions Using In-Private browsing in IE or similar functionality in another browser, login to the Enterprise Portal again using the identity just added as an Account If this identity was also added as an Enterprise or Department Admin, then click on the account name from the list to Activate the account 59

Microsoft Azure Services and Support Resources Support Microsoft Azure Government Support – Please submit a request directly in the Azure Portal (azure.portal.us)

Helpful Links Microsoft Azure Enterprise Portal – To view your enterprise level accounts, subscriptions, monetary commitment and overage balances and to create accounts https://ea.azure.com Microsoft Azure Account Portal – To create additional subscriptions and rename existing subscriptions https://account.windowsazure.us/ Microsoft Azure Management Portal – To deploy and host your applications once you have created a subscription on the Microsoft Azure Enterprise Portal https://manage.windowsazure.us Service Dashboard – Current status on the health of Microsoft Azure Services can be viewed at the service dashboard at http://azure.microsoft.com/support/service-dashboard/ If you wish to receive notifications for interruptions to any of the services, you can subscribe to the respective RSS feeds from that page Service Level Agreements – To view service level agreements associated with Microsoft Azure services, go to the SLA homepage at http://azure.microsoft.com/support/legal/sla/ Services Deployed in Azure Gov – To view services that have been deployed into the Azure Gov environment, go to the Azure Regions page at http://azure.microsoft.com/regions/#services

© 2016 Microsoft Corporation. All rights reserved. Microsoft, Microsoft Azure, Microsoft Azure logo, Windows Live, and SQL Azure are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. Microsoft makes no warranties, express or implied. You may copy and use this document for your internal, reference purposes only.

60

Appendix for Managed Service Provider (MSP) Enrollments Now that you are part of the Microsoft MSP program, you can open your business to new customer paths, services, and revenue lines, create a more direct path to government agencies, increase your overall efficiency, and offer faster delivery of services. Benefits of the program include the following:

Access Microsoft Business Investment Funds (BIF)

Partner with Microsoft sales teams to develop a go-tomarket strategy

Build a high-quality relationship with the end customer

Resell discounts on Azure Government and Azure commercial services

Qualify for additional sales and service incentive offers

61

MSP - Manage Departments Panel The Department focus allows you to operate at the department level. The new default iconic view uses color to show active departments in green and inactive departments in orange. If you prefer a list view you can toggle to that view.

Your view focus will be highlighted in blue

Clicking on the Department will open a Details view where you can view and edit details

MSP Departments are identified with the MSP badge

Default view uses Icons. You can toggle to a list view here

Filter to show only active status items

You can add Departments and Department Admins here. Clicking on add will bring a slide out from the right hand side of the screen with an action box to fill in details.

62

MSP - Add Department As an MSP enrollment when you add a department there is additional information needed for each department you define as an MSP department When you click the add department button and select yes for MSP the information items will below it will appear. ***If you do not see the MSP option, then you will need to fill in a Support Request (http://aka.ms/azuregovsupport) to setup your tenant as an MSP***

Contact Information has required fields with are noted with an * It is important that the Company Name and Address are recognizable by Microsoft for internal reporting purposes

Although all other fields are optional there may be important fields for your use in managing MSP departments

63