The Azure Portal is the Microsoft provided user interface to interactive manage Azure resources. There are a wide diversity of Azure APIs too numerous to list, which provide non-interactive management of Azure resources. This page covers topics specific to UW use of the Azure Portal and Azure APIs.
Most users who access the UW Azure Portal or Azure APIs are doing so to manage Azure resources, whether those are in a Student subscription, Enterprise Agreement subscription, or a Sponsored subscription.
Sign in recommendation
You can sign into the Azure Portal and other Microsoft management interfaces via the UW Entra ID. UW Entra ID provides a variety of types of identities for sign in. This includes Entra users, Entra workload identities, Entra devices, and Entra applications. Many of those types of identities have further notable types of identities within them, with Entra users as perhaps the most notable, with all the documented types of UW NetIDs as well as Entra guest users, and UW users which are only in Entra.
Which identity you are recommended to use to sign into the Azure Portal or Azure APIs depends heavily on the use case.
| Type of identity | Appropriate Use Cases |
| Shared UW NetID | Not appropriate for any Azure Portal or Azure API use cases. On 10/15/2024, these will stop being an option due to Microsoft requiring MFA to access the Azure Portal. We recommend that you immediately transition away from any Azure Portal processes dependent on Shared UW NetIDs, and also transition away for non-interactive use cases involving Azure APIs. |
| Application UW NetID | Not appropriate for any Azure Portal or Azure API use cases. On 10/15/2024, these will stop being an option due to Microsoft requiring MFA to access the Azure Portal. We recommend that you immediately transition away from any Azure Portal processes dependent on Shared UW NetIDs, and also transition away for non-interactive use cases involving Azure APIs. |
| Admin UW NetID | Recommended for interactive sign in to Azure Portal. All ‘Enterprise Agreement’ subscriptions should use Admin UW NetIDs. Not appropriate for non-interactive use cases. |
| Personal UW NetID | Recommended for interactive sign in to Azure Portal or Azure API for subscriptions based on the ‘Azure for Students’ or ‘MSDN’ offer. Whether these identities are appropriate for other use cases depends on the details. If your personal UW NetID is not eligible for Duo, you can contact UW-IT to be considered for Duo eligibility. |
| Entra guest users | Not generally recommended, but may be needed depending on the circumstances. Guest users can register Microsoft Authenticator without licensing issues here at the UW. |
| Entra only users | These may be appropriate for high-risk use cases. Contact the Microsoft Platforms unit within UW-IT to discuss further. |
| Entra devices | Entra devices interact with a variety of Azure APIs by default. |
| System-assigned managed identity | Your use case is non-interactive using Azure APIs. You have one Azure resource that is inherently linked to another Azure resource, e.g. an Azure VM needs to access its Azure storage. |
| User-assigned managed identity | Your use case is non-interactive using Azure APIs. You are writing code, i.e. programmatically accessing a resource (Azure or otherwise). |
| Entra application | Your use case is non-interactive using Azure APIs. You are writing code and need OAuth permissions outside those available via Azure RBAC roles. |
Security recommendations
Please see https://itconnect.uw.edu/tools-services-support/it-systems-infrastructure/msinf/azure/#security for Azure security recommendations.