Azure VM & AAD of another tenancy

Rob Brown 21 Reputation points

One of my C-Suite has asked/instructed for something to be done which I'm not sure is possible and I'm looking for some confirmation.

VM-1 is in Tenancy Alpha, with AAD

C-Suite wants VM-1 to remain in Tenancy Alpha but be connected to Tenancy Beta's AAD

To the best of my knowledge, you can't have a VM use an AAD from a totally different tenancy?

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

Accepted answer
  1. 34649230 451 Reputation points


    You can do it with Azure B2B collaboration, but it is a bit of a mess. Before you continue with any configuration you have to design it, in order to avoid security leaks.

    It is the same as when you do a forest trust between forest domains.

    Below you will find a link with the appropriate documentation:

    After you make the configuration you can use the resources from the other tenant to the VM or any other resources.

    Last but not least, check also the limitations.


2 additional answers

  1. Rob Brown 21 Reputation points

    nods no native option though - and I really have no desire to go down any route that makes life harder than it needs to be. No benefit to be had there really.

    Moving the VM(s) and associated components would be less grief.


  2. 34649230 451 Reputation points

    Yes I agree totally with you...
    It is a mess :)
