How to Create a Work/School Tenant

Question

I created a subscription with my personal email off my custom domain

I choose option Work/School account and it was created an unmanaged tenant (I Think)

I do not have a MS365Account

In the Az Portal -> Active Directory -> Users

My user has no asssigned roles (Is not Global Admin)

In the Az Portal -> Active Directory -> Manage Tenants

My default tenant has my user as owner

I am not able to link my sbscription to the default tenant because:

Error message:

<<<

Link subscription

The subscription is not registered to use namespace 'Microsoft.AzureActiveDirectory'.

See https://aka.ms/rps-not-found for how to register subscriptions.

note:

my custom domain is already validated in Az Portal

How can I associate my work/school tenant to my custom domain?

How can I have my user (that is the owner of the tenant) as Global Admin?

Can You give me references to How To Do Documentation?

I was very happy with my personal account tenant, but it has limitations when I started to use msgraph explorer.

Is that the reason because I am creating a work/school tenant

Thank You very much for your time.

Answer 1

@PauloMatos

Thanks for your time and patience, PFB answers inline :

1. Link subscription error: The subscription is not registered to use namespace 'Microsoft.AzureActiveDirectory'. See https://aka.ms/rps-not-found for how to register subscriptions. There are a number of "Providers" which Azure has under the hood and, understandably, not all of them are applicable to everyone so not all of them are enabled by default. Kindly follow Solution to have the subscription added to your resource provider
2. The Tenants are not personal neither work/School, what are personal or work/School are the user accounts. Is correct? Yes tenant is an umbrella under which the organizations entity such as users, licenses and subscriptions are saved. In Azure AD users created as work/school accounts belong to the organization. Azure AD offers following type of users:

Work account : A work account can access resources in a tenant, and with an administrator role, can manage tenants.

1. Guest account : A guest account can only be a Microsoft account or an Azure AD user that can be used to share administration responsibilities such as managing a tenant.
2. So, when we create a Tenant it is owned my the user who created it (and we can associate a custom domain to it) and the tenant can have work/school account if we create member users on that Tenant on that custom domain. Is correct? When you create a new Azure AD tenant, you become the first user of that tenant. As the first user, you're automatically assigned the Global Administrator role. Check out your user account by navigating to the Users page. By default, you're also listed as the technical contact for the tenant. Technical contact information is something you can change in Properties. Azure Active Directory (Azure AD) tenants come with an initial domain name, <domainname>.onmicrosoft.com. You can't change or delete the initial domain name, but you can add your organization's names. Adding custom domain names helps you to create user names that are familiar to your users, such as ******@contoso.com. After you create your directory, you can add your custom domain name

1. When we add a P1 or P2 licence to a tenant we pay per user associated to the licence or we pay allways the minimum value of USD600 per/month correspondent to 100 reserved users of P1 Tier? Billing is done based upon the number of licenses purchased in the subscription regardless of the assignment. Kindly follow our pricing calculator for estimated subscription cost.
2. Why exist two entries in AAD to manage Apps (register Apps & enterprise Apps) we have to manage different features of the same app in both options... An App Registration is a way of reserving an application in Azure AD. The registration enables Azure to communicate with the application and pass tokens to it. When you have an application that you are developing and want to integrate it with Azure, you must register your application in the App Registrations experience. There you will configure your Redirect URI (the address where your users will be sent immediately after they have logged in and authenticated), logout URL (the address where your users will be sent after they have logged out), API access if needed, and custom app roles for assigning permission to users or apps. When you register your application, Azure AD assigns a unique Application ID to it and allows you to add certain capabilities such as credentials, permissions/roles, and sign-ons. The default settings allow only users from the tenant under which your app is registered to sign into your application, but that can be changed to restrict access to particular users. The Enterprise Applications blade might be confused with App Registrations because the Enterprise Application blade contains the list of your Service Principals (which get created when you register your applications). However, the term Enterprise App generally refers to applications published by other companies in the Azure Active Directory gallery that can be used within your organization. For example, if you want to integrate an application such as Facebook or Microsoft Teams and manage SSO within your organization, you can integrate it from the Enterprise Applications dropdown in the applications blade. Your own applications (which you registered) will also be represented in the Enterprise Applications blade as Service Principals, which are instantiations of your applications in the tenant.

Please do let me know if you have any queries in the comments section.

Thanks,

Akshay Kaushik

Please "Accept the answer" (Yes/No), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.