Azure VM & AAD of another tenancy

Question

One of my C-Suite has asked/instructed for something to be done which I'm not sure is possible and I'm looking for some confirmation.

VM-1 is in Tenancy Alpha, with AAD alpha.com

C-Suite wants VM-1 to remain in Tenancy Alpha but be connected to Tenancy Beta's AAD Beta.co.uk

To the best of my knowledge, you can't have a VM use an AAD from a totally different tenancy?

Answer 1

Hi,

You can do it with Azure b2b collaboration, but it is a bit of mess, before you continue with any configuration you have to design it, in order to avoid security leaks.

If is the same as you do a forest trust between forest domains.

Below you will find a link with the appropriate documentation:
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b

After you make the configuration you can use the resources from the other tenant to the VM or any other resources.

Last but not least check also the limitations.

BR,

Answer 2

nods no native option though - and I really have no desire to go down any route that makes life harder than it needs to be. No benefit to be had there really.

Moving the VM(s) and associated components would be less grief.

Answer 3

Yes I agree totally with you...
It is a mess :)