Azure Billing and Management

The goal of this post is to serve as a quick guide to gaining access to all Azure subscriptions.

The Context

By default, when someone creates a subscription or object in Azure, only that user has access to it. A little over a year ago I reached out to Azure support asking if there is a way for an admin to see everything that any user creates. Their response was “no” and that if the user containing the subscription is deleted, then the subscription is as well.

Cool cool cool cool cool. So I asked our developers to please add me as an admin on any subscriptions that they create. As you’d expect, this didn’t work. They’ve created several subscriptions and either forgot or didn’t take the time to add me to them.

This lead to today, where I was asked about our Microsoft billing. I asked the developers if they had subscriptions that I didn’t have access to and if they could grant me access to them. “I’ll check today and get you added to things”. I didn’t want to have to wait to nag them again later, so I figured I’d do another search to see if things had changed.

The solution

Sure enough, they have changed! It looks like Microsoft posted a KB article on how to deal with this on 2019-12-03: “Elevate access to manage all Azure subscriptions and management Groups“.

This requires you to be a Global Admin and can only be enabled on the signed-in admin. If there are any other global admins that need access, they will have to walk through these steps themselves.

The steps:

  1. Log into the Azure portal
  2. Search for Azure Active Directory and click into it
  3. Under Manage click Properties
  4. At the bottom, enable Access management for Azure resources
  5. Click Save
  6. Log out and back in
  7. In the Azure portal, search for Subscriptions and click into it
  8. Click Switch directories
  9. Change the Default Subscription filter to All subscriptions

“That’s it”. You should now be able to see, access, and manage all Azure subscriptions.

SSH Reverse Proxy Tunnel

On occasion I need to test external access to my office or sometimes I’m on public Wi-Fi and want to securely browse the internet without connecting to a VPN. For times like those I use an SSH reverse proxy tunnel to a VPS and Firefox. This routes all of my Firefox traffic through my VPS securely over SSH.

All you need to accomplish this is an SSH server somewhere that you trust and Firefox. Once you have an SSH server up, go through these steps: