Some of Microsoft’s new subscriptions, like its DreamSpark and CSP-style subscriptions, don’t offer access to the ‘classic’ Windows Azure Management website. But alas, some of the management tasks for implementing Multi-factor Authentication (MFA) for your organization can only be performed in that portal. Setting up an Azure MFA Provider to implement MFA Server on-premises is one such scenario, and a fairly common one: You can’t download and connect your on-premises MFA Servers without an MFA Provider.
However, you might hit the No subscriptions found. screen when you follow a link from the new Azure Portal to the classic portal, or when you navigate directory to the ‘classic’ Azure Management website:
This blogpost shows you how to overcome that hurdle, by creating an Azure Active Directory-only Azure subscription.
About Azure AD-only Azure subscriptions
Azure AD-only subscriptions are special subscription that give access to Azure Active Directory only. With a special Azure offer code, you can sign up for such a subscription. Signing up does not require a credit card.
This subscription has the following characteristics:
- It is a regular Azure subscription
- It has a subscription ID that can be managed and associated with EA
- It will not expire or incur charges
- It can only manage Azure AD services
- You can assign licenses for Azure AD Basic or Free since these are purchased over licensing agreements as opposed to Azure consumption
- You cannot create any other Azure resources except those related to Azure AD
- You can add other co-admins and change the service admin from the account portal
- The account that signed up for this subscription is also the account admin and has access to the account portal
Signing up for an Azure AD-only Subscription
Perform these steps to sign up for an Azure AD-only subscription:
- Make sure you use a clean browser or browser tab where you are not already signed in to any Microsoft services, either Azure AD-based or Microsoft Account (MSA)-based. My recommendation is to use an InPrivate browser session.
- Navigate to the following URL:
- Select Sign in with your organizational account and sign in with the Global Administrator account of your Azure AD tenant.
- Complete the Azure sign up form and press the Next button to complete the first piece of the form.
- Now, enter your phone number and press the Next button in the second piece of the form.
- Press the Sign up button.
- You will be forwarded to the Azure Account portal while your subscription is set up. This will only take a few minutes. After this brief period of time, you will receive an e-mail message and the screen will change.
- At this moment, go to your browser’s address bar, and change the URL to https://manage.windowsazure.com.
- You can opt to take the Windows Azure tour, or skip it by pressing the little x in the right top corner of the modal screen.
- You can close the New pane that appeared from the bottom, and you can certainly close the blue Portal modal that lures you to the New Azure Portal.
- In the left navigation pane, click on Active Directory.
- From the menu items below active directory in the main screen, click on MULTI-FACTOR AUTH PROVIDERS.
- Click the link CREATE A NEW MULTI-FACTOR AUTHENTICATION PROVIDER.
- In the Name field, type something useful to name your MFA Provider. If your organization has a naming convention, follow that.
- Select the Usage Model.
- Click Create at the bottom of the screen.
Now, you now have access to manage the full feature set of Azure AD and Azure Multi-Factor Authentication. Go ahead and enjoy all the goodness Azure MFA Server has for you!
Multi-Factor Authentication – Access control | Microsoft Azure
Get started Azure Multi-Factor Auth Provider
Azure MFA – Auth Provider Creation
Hybrid Cloud Identity Part 3: Multi-factor Authentication
Customize Azure Multi-factor Authentication – Part 1