UW Azure

Last updated: November 27, 2023
Audience: All UW

Microsoft Azure cloud platform is more than 200 products and cloud services designed by Microsoft to meet computing needs, including virtual machines, database instances, storage, web applications, and more.

UW Azure allows UW units or individuals to manage their own Azure subscription using a UW managed identity.

An Azure subscription is a logical unit of Azure services that’s linked to an identity. The identity is in Microsoft Entra ID or a directory that’s trusted by Microsoft Entra ID, such as a work or school account. Subscriptions help you organize access to Azure cloud service resources, and help you control how resource usage is reported, billed, and paid. You can think of them as a container for the Azure services and resources you want to deploy. Your UW identity can own or have access to multiple Azure subscriptions.

UW Azure topics

All subscriptions in UW Azure are in the uw.edu Entra ID tenant, with a subscription owner that has an @uw.edu account. Should the owner of a UW Azure subscription leave the university without transferring ownership to another UW employee, UW-IT can assist in re-assigning ownership. The UW-IT Office of Information Security also has the ability to quickly get audit logs and vulnerability information from any UW Azure subscription. For UW Azure subscriptions which are in the enterprise agreement, there is paid Unified Enterprise Support coverage to get Microsoft support for issues. You can also only use Software Assurance cost benefits with an UW Azure subscription.

Azure subscriptions with an owner that is not a @uw.edu account, do not have:

  • UW-IT assistance with ownership re-assignment
  • UW-IT access to security logs and vulnerability information
  • Paid Unified Enterprise Support coverage to get Microsoft support for issues
  • Software Assurance cost benefits

There are four types of subscriptions within UW Azure:

  • Enterprise agreement: Azure subscriptions covered under the UW contract with Microsoft, with charges to a UW Workday worktag. The UW contract includes HIPAA BAA coverage as well as other protections. See Azure Subscription – Service Portal (service-now.com) for more about this option and to request an enterprise agreement UW Azure subscription. Enterprise agreement subscriptions also are eligible for Unified Enterprise Support coverage to get Microsoft support for issues. Customers who open support cases from their Azure subscription should result in a case with the broadest set of support Microsoft provides. Customers who do not have Unified Enterprise support get minimal assistance from Microsoft and must pay for this type of support.
  • UW-IT managed: These are Enterprise agreement subscriptions which are operated by a UW-IT team. UW-IT provides labor & expertise to help operate the core services in these subscriptions, while you may provide the expertise for specific service or application workloads. See Windows Managed Servers – Service Portal (service-now.com) for more about this option and to request a UW-IT managed UW Azure subscription.
  • Generic pay-as-you-go or free offer subscriptions: Azure subscriptions which either have free credits from Microsoft and/or are funded by a credit card. These subscriptions do not have Unified Enterprise Support coverage to get Microsoft support for issues. See the link for offers below to get one of these types of subscription. These generally are not recommended if you are eligible for one of the other types of subscriptions, but the free credit offers are a great way to explore and get experience, before committing to one of the other types. Do note that some of the free subscription offers require a credit card. The Azure for Students offer does not require a credit card, but these subscriptions do expire after 12 months.
  • Grant funded subscriptions: Azure subscriptions which are funded by a Microsoft grant or a NIH grant. There tend to be special details for these types of subscriptions. See Azure Subscription – Service Portal (service-now.com) for more about this option and to request an UW Azure subscription funded via a grant. An UW Azure STRIDES subscription enrollment option is available for NIH grants.

If you want to check which kind of Azure subscription you have, you can review the “Offer” information on the overview page of your Azure subscription. See https://azure.microsoft.com/en-us/support/legal/offer-details/ for all the possible active offers from Microsoft. We use offers to help organize the Azure Management Group structure at the UW.

There are ways to shift between the types of offers, so if you start with a free or pay-as-you-go subscription, you can later switch to an enterprise agreement subscription. You’ll need to talk to UW-IT for help doing this.

As noted above, you’ll want to ensure your Azure subscription has an @uw.edu account as owner so that the UW-IT Office of Information Security has visibility to your cloud-based computing resources. This will improve vulnerability awareness and shorten the timeline for any data breach that might occur.

For security purposes, you will also want to review which accounts have access to your subscription, particularly Owner, Contributor, or “classic administrator” roles such as co-administrator, or service administrator. Reviewing and removing unnecessary access is recommended. We recommend you require anyone with Contributor or greater role access to your subscription have 2FA to sign in. UW-IT managed Azure subscriptions require that only admin UW NetIDs have those roles. If you need to require 2FA for admin UW NetIDs, please consult https://itconnect.uw.edu/tools-services-support/it-systems-infrastructure/msinf/aad/authn/2fa/admin-netids/.

There are multiple ways to reduce your costs in Azure. In addition to leveraging the UW enterprise agreement to ensure costs are paid by a UW Workday worktag, you can:

  • Make use of reservations. By making a commitment to run a resource for 1 year or 3 years, you can get a large discount on the costs.
  • Azure hybrid benefits. If you are in UW Azure, you can apply the Software Assurance benefits from the UW campus agreement to your Windows Server or SQL Server license costs in Azure. There’s an Azure Hybrid Benefit Savings Calculator to help you determine the overall savings.
  • The Pricing Calculator provides estimates in all areas of Azure, including compute, networking, storage, web, and databases.
  • Leverage the budgeting features in Microsoft Cost Management to help plan and drive organizational accountability. With budgets, you can account for the Azure services you consume or subscribe to during a specific period. Monitor spending over time and inform others about their spending to proactively manage costs. Use budgets to compare and track spending as you analyze costs.
  • If you are eligible for an Azure subscription with free credits, you may want to consider whether some of your Azure resources are eligible to run under those subscriptions to leverage the value of those credits.