This article explains how to link your O365 tenant to an existing Microsoft Azure subscription, so that you can manage your O365 users from within Azure. Why would you want to do this? Well, perhaps you just want to centralise your administration functions, but it also gives you other benefits, such as the ability to assign Multi-Factor Authentication (MFA) and to control the cloud applications to which the users have access.
Here’s how I did it…
I have an Office 365 Small Business tenant as well as a Microsoft Azure account that I fund through my MSDN subscription’s monthly credit. Until a couple of months ago I managed these as completely separate entities, logging in with separate credentials for each. Then a friend (thanks Kev!) sent me some information on how to link the O365 directory to my existing Azure account. The process is made possible by the fact that all O365 tenant identities are stored in Azure Active Directory (AAD). Here’s a brief overview of the process:
In this example I manage my existing Azure subscription using my Microsoft Account (formerly Windows Live ID) named email@example.com. My O365 tenant is named Badger Lafarge (badgerlafarge.onmicrosoft.com)
1. Sign in to Microsoft’s Azure Management Portal with your Account Administrator account, e.g. firstname.lastname@example.org
2. Select Active Directory from the left hand menu bar.
3. Choose New from the bottom menu bar.
4. Select APP SERVICES->ACTIVE DIRECTORY->DIRECTORY->CUSTOM CREATE
5. Choose Existing Directory from the drop down list
6. When re-directed to the sign-in page, sign-in with your O365 admin account credentials
7. Select continue when prompted and then sign back in with your Azure Account Administrator account
8. You should now see your O365 tenant listed as a new directory (see below)
That’s it! At this point you are ready to manage your O365 accounts via the Azure Portal (or via Powershell of course).
In a follow-up article I will explain how to enable these accounts for multi-factor authentication (MFA).