Subscription Provisioning Automation Task:

Problem statement: Subscription provisioning automation task is encountered when isolation is required between the billing profiles in the Azure public cloud cost management system.  This example describes how to achieve it

Description: The automation of this task relies on the notion that a subscription within Azure is a resource just like any other Azure Resource Management definition. Usually, it is created by the account owner who signed up with a Microsoft Customer Agreement or registered with Azure via the Azure Portal. A subscription is a way of organizing Azure resources and supports a billing method. Organizations create additional subscriptions when they expand their management group hierarchy to support business priorities. 

The task of creating a subscription can be automated programmatically. It requires the following parameters:

 {

      "name": "SubscriptionProvisioning",

      "displayName": "__GroupSubscription_NAME__",

      "initialOwnerPrincipalId": "__BILLING_initialOwnerPrincipalId__",

      "workload": "DevTest",

      "billing": {

        "scope": "/billingAccounts/__BILLING_costManagement__:__BILLING_billingScope___2019-05-31/billingProfiles/__BILLING_Profile__/invoiceSections/__BILLING_Invoice__",

        "pcCode": "P7007777",

        "costCategory": "FX",

        "airsRegisteredUserPrincipalId": "__BILLING_airsRegisteredOwnerPrincipalId__"

      }

    }

Where the parameters are explained as 

“displayName”: the name with which the account will be displayed for finding it in the list of subscriptions pertaining to the account.

“initialOwnerPrincipalId”: the initial owner for the subscription who can add additional owners as necessary. Usually this is the same principal that is associated with the account in the first place.

“workload”: describes the environment as production or development purposes.

“billing.scope”: refers to the invoice scope and is resolved by the cost management hierarchy comprising of the cost management account, billing scope, billing profile and invoice. All of these are object identifiers in the form of GUIDs. The billing invoice profile guid corresponds to the service identifier in the service tree registrations maintained by Azure.

“airsRegisteredUserPrincipalId”: refers to the service principal who requested the cost management plus billing profile to be setup at https://azuremsregistration.microsoft.com/Request.aspx

 

With these parameters, it is a simple pseudo-resource registration step to provision a subscription automatically.

Conclusion: Changing business priorities can now be handled with isolation of assets via additional subscriptions provisioned with the help of the automation described here.