Microsoft Azure -Setup Configure an Azure Subscription

on

Post describes Azure subscriptions and types, registering Azure resource providers, and configuring diagnostic settings (Azure portal and PowerShell). Before we get started, let's learn some basics about Azure subscriptions.

What is a Subscription in Azure?

To use Azure, you need an Azure subscription. An Azure subscription is a logical grouping of Azure services that is linked to an Azure account. It allows you to provision resources, such as virtual machines, databases, and storage accounts. A subscription provides you with authenticated and authorized access to Azure products and services. Azure generates separate billing reports and invoices for each subscription.

An Azure subscription is a billing plan for using Azure services. It is a way for organizations to purchase and manage access to Azure services and resources. Subscriptions typically include a set amount of financial resources, such as a monetary credit or a set number of service-level agreements (SLAs). Subscriptions can be used to manage access to Azure services by different teams or users within an organization.

Types of Azure Subscription(s):

  • Free: This subscription provides access to a limited number of Azure services at no cost. For this an email address and a credit card are required to sign up for a free trial subscription which provides $200 credit for the first 30 days and 12 months of restricted access.
  • Pay-As-You-Go: This subscription allows users to pay for Azure services on a pay-per-use basis. This is the most common type of subscription and allows users to start and stop services as needed.
  • Enterprise Agreement: This subscription is intended for large organizations and allows for enterprise-wide agreements and discounted pricing.
  • Cloud Solution Provider (CSP): This subscription is intended for organizations that want to resell Azure services to their own customers.
  • Azure Government: This subscription is intended for government agencies and provides access to Azure services that are compliant with government regulations.
  • Azure Germany: This subscription is intended for organizations that want to store data in German data centers and comply with German data protection laws.
  • Azure China: This subscription is intended for organizations that want to store data in Chinese data centers and comply with Chinese data protection laws.

What are Azure Subscription Boundaries?

Azure subscription boundaries are limits on the resources that can be consumed within an Azure subscription. These limits ensure fair resource usage and prevent one subscription from consuming an excessive amount of resources at the expense of other subscriptions. Limits vary depending on the Azure subscription and service plan. Some limits can be increased by submitting a support request to the Azure support team.

There are two types of subscription boundaries:

  1. Billing boundary
  2. Access control boundary

You can create separate subscription based on:

  • Environment: development and testing, security, or to isolate data for compliance reasons.
  • Organizational structures: IT, HR, Admin,...,etc.
  • Billing: to manage and track costs of azure environment resources, for example – Production, Test and Dev

Register Azure Resource Providers

Follow these steps for registering and enabling the Azure resource providers in your existing or new Azure Subscription.

Step 1: Login to Azure Portal and navigate to Azure Subscriptions.

Step 2: Select the Azure subscription for which you want to register the resource providers.

Step 3: Search for the following resource providers and register them one by one.
  • Microsoft.KeyVault 
  • Microsoft.AlertsManagement
  • Microsoft.Authorization
  • Microsoft.PolicyInsights
  • Microsoft.Security
  • Microsoft.Network
  • Microsoft.Compute
  • Microsoft.Storage
  • Microsoft.Advisor
  • Microsoft.ResourceHealth
  • Microsoft.RecoveryServices
  • Microsoft.OperationsManagement
  • Microsoft.OperationalInsights
  • Microsoft.Automation
  • Microsoft.DevTestLab
  • Microsoft.Migrate
  • Microsoft.OffAzure
  • Microsoft.Management
  • Microsoft.Insights
  • Microsoft.WorkloadMonitor
  • Microsoft.Capacity
  • Microsoft.ManagedIdentity
  • Microsoft.SqlVirtualMachine
  • Microsoft.ChangeAnalysis
  • Microsoft.ADHybridHealthService
  • Microsoft.Billing
  • Microsoft.ClassicSubscription
  • Microsoft.Commerce
  • Microsoft.Consumption
  • Microsoft.CostManagement
  • Microsoft.Features
  • Microsoft.MarketplaceOrdering
  • Microsoft.Portal
  • Microsoft.ResourceGraph
  • Microsoft.Resources
  • Microsoft.SerialConsole
  • Microsoft.Support
  • Microsoft.GuestConfiguration
You can create automation script to save time.

Configure Azure Subscription Diagnostic Settings

Step 1: Select your Azure Subscription >> Activity log >> click on configure Diagnostic settings >> click on "Add diagnostic setting".

Step 2: To enable the diagnostics settings provide the add the Name for the diagnostics settings

Select the Category logs that you wish to collect logs:

  • Administrative
  • Security
  • ServiceHealth
  • Alert
  • Recommendation
  • Policy
  • Autoscale
  • ResourceHealth

Send to Log Analytics workspace:

  • Subscription: select your target Log Analytics Subscription
  • Log Analytics workspace: select your target Log Analytics
Step 3: Save the changes. That's it you are done configuring the diagnostics for Azure Subscription. For automation you can find the scripts below.

Enable Azure Subscription Logs using PowerShell:


Set-AzContext -SubscriptionName "add log analytics subscription"
$Law = Get-AzOperationalInsightsWorkspace -ResourceGroupName "add log analytics rg" -Name "add log analytics name"
$LawId = $Law.ResourceId
$LawId

$SubName = "add azure subscription name"
Set-AzContext -SubscriptionName "$SubName"
$DiagName = "add subscription diagnostics name"
$SubId = (Get-AzSubscription -SubscriptionName "$SubName").Id
$SubResourceId = "/subscriptions/$SubId"
$SubResourceId

$log = New-AzDiagnosticSettingLogSettingsObject -Enabled $true -Category "Administrative"
$log
New-AzDiagnosticSetting -Name $DiagName -ResourceId $SubResourceId -WorkspaceId $LawId -Log $log

Remove Azure Subscription Diagnostics using PowerShell


$SubName = "add azure subscription name"
$SubId = (Get-AzSubscription -SubscriptionName "$SubName").Id
$SubResourceId = "/subscriptions/$SubId"
Remove-AzDiagnosticSetting -ResourceId $SubResourceId -Name "add subscription diagnostics name"

Enable Diagnostic Logs across Azure Subscription(s) using PowerShell:


Set-AzContext -SubscriptionName ""
$Law = Get-AzOperationalInsightsWorkspace -ResourceGroupName "" -Name ""
$LawId = $Law.ResourceId
$LawId

$Subscriptions = Get-AzSubscription | Select-Object -Property Name, Id
ForEach ($Subscription in $Subscriptions) {

    $SubscriptionName = $Subscription.Name
    $SubscriptionId = $Subscription.Id
    Set-AzContext -SubscriptionName $SubscriptionName
    $DiagName = ""
    $SubResourceId = "/subscriptions/$SubscriptionId"
    $SubResourceId
    
    $log = New-AzDiagnosticSettingLogSettingsObject -Enabled $true -Category "Administrative"
    $log
    New-AzDiagnosticSetting -Name $DiagName -ResourceId $SubResourceId -WorkspaceId $LawId -Log $log
}

Remove Diagnostic Logs across Azure Subscription(s) using PowerShell:


$Subscriptions = Get-AzSubscription | Select-Object -Property Name, Id
ForEach ($Subscription in $Subscriptions) {

    $SubscriptionName = $Subscription.Name
    $SubscriptionId = $Subscription.Id
    Set-AzContext -SubscriptionName $SubscriptionName
    $DiagName = ""
    $SubResourceId = "/subscriptions/$SubscriptionId"
    $SubResourceId
    
    Remove-AzDiagnosticSetting -ResourceId $SubResourceId -Name $DiagName
}

Create Budget Alerts to Monitor Azure Subscription Costs

Creating a budget and setting alerts will help you or your team to monitor cost of resources in azure that are being used. Follow these steps to create a budget alert for your azure subscription.

Login to Azure Portal or access azure portal at portal.azure.com >> Navigate/Access Subscriptions >> Select your Azure Subscription >> Cost Management >> Budgets >> +Add >> Create a budget >> fill up the details >> Set alerts >> fill up the details >> Click on Create.

Configured budget evaluation will begin once it reaches the budget amount threshold you will be notified through email.