Azure at UCSB
The UCSB Campus Cloud Azure platform provides every subscription inside a shared management group hierarchy with pre-applied policies, networking, and security monitoring. Your team can start building right away with a consistent security baseline.
Campus Cloud Service Updates — June 2026
Please note: UCSB has updated its approach to purchasing paid cloud services from Microsoft Azure and Google Cloud. The Azure change took effect in January. The matching change for Google Cloud takes effect on Tuesday, June 16, 2026.
In both cases, new paid subscriptions and projects must go through the campus Gateway procurement process instead of being set up with a personal or departmental credit card. The campus agreements offer better pricing, give departments a clearer view of cloud spending, and protect users from unexpected charges on individual cards.
Microsoft Azure (in effect since January 2026)
- New paid Azure subscriptions can no longer be created with a credit card. Free Azure subscriptions can no longer be upgraded to paid subscriptions using a credit card. To set up a new paid Azure subscription, contact the Campus Cloud Team and use the Gateway procurement process.
- Existing Azure subscriptions are not affected, even if they have a credit card associated. Azure for Students is also not affected. Students with a verified ucsb.edu email can still sign up for Azure for Students and get $100 in credit for 12 months with no credit card required. Other educational subscription types, such as MSDN and Visual Studio Enterprise, are also unchanged.
Questions? Email info@cloud.ucsb.edu or open a ServiceNow request.
Key Facts
| Item | Value |
|---|---|
| Sign-in URL | portal.azure.com |
| Identity Provider | UCSB Microsoft Entra ID (Azure AD) |
| Allowed Regions | West US 2 (recommended), West Central US, East US 2, Central US |
| New Subscription Turnaround | ~2 business days after PO is approved |
Management Group Hierarchy
Azure subscriptions are organized into a management group hierarchy. Policies applied at a higher level are inherited by all subscriptions below it.
| Management Group | Purpose |
|---|---|
| UCSB Baseline V1 | Production workloads — research, administrative, and departmental subscriptions with full guardrails |
| UCSB Learning | Coursework, labs, and student projects |
| UCSB Sponsorship | Subscriptions funded through Microsoft sponsorship credits |
| UCSB Legacy | Pre-existing subscriptions that predate the Campus Cloud |
Your subscription is placed in the management group that matches your use case. Policies applied to the management group govern all resources in your subscription.
What Is Pre-configured
When your subscription is provisioned, the Cloud Team will:
- Assign four custom RBAC roles to your team (see First Steps)
- Enable Microsoft Defender for Cloud across all supported resource types
- Deploy Log Analytics workspace for security monitoring (90-day retention)
- Apply Azure Policy for NIST 800-171 audit compliance
- Connect networking — your subscription receives a Virtual Network with hub-spoke peering to the Campus Cloud Virtual WAN (if requested)
- Require Resource Group tags — policy audits RG creation for the four required tags
Resource Groups and Tags
All resources must be inside a Resource Group with the four required tags. Azure Policy audits this — Resource Groups missing tags will be flagged as non-compliant but can still be created.
See Tagging for the full list of required tags and allowed values.
Regions
Four regions are available: West US 2, West Central US, East US 2, and Central US. West US 2 is recommended for most workloads. All other regions are blocked by a Deny policy at the management group level.