Share via

Azure subscriptions and AAD tenants

X-Box-11-2021 405 Reputation points
2023-06-29T21:47:29+00:00

Hi,

Can someone please explain the relation between Azure subscriptions and Azure Active Directory tenants.

What I noticed:

  1. AAD tenant can exist without subscription. I noticed this when I logged in to portal.azure.com with my @hotmail.com email account.
  2. When subscription is created (for example if I create a new Azure account) a tenant is created automatically.

I also noticed that when I tried to create another subscription I had to specify directory which as I understand in this case means AAD tenant.

aad1

aad2

This makes me think that multiple subscriptions may be linked to one tenant.

At the same time I can create multiple AAD tenants but it is not clear for me how AAD tenants are correlated to subscriptions.

I would highly appreciate if someone could clarify that for me.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2023-06-30T20:10:04.1466667+00:00

    @X-Box-11-2021

    Thank you for your post!

    To hopefully help point you in the right direction or resolve your issue, I'll share a summary below explaining the relationship between Azure Subscriptions and Azure Active Directory tenants.

    Azure Active Directory:

    Azure Active Directory is a cloud-based identity and access management service. An Azure AD Tenant is a dedicated and trusted instance of Azure Active Directory which will include your users, groups, and applications.

    • As you mentioned - you were able to create multiple Azure AD tenants. Each of these tenants will have their unique users, groups, and applications separate from your other tenants.

    Introduction to Azure Active Directory Tenants

    User's image

    Azure Subscription:

    An Azure Subscription is associated to an Azure Offer (i.e. free trial or pay-as-you-go), will contain your payment information, scale limits (i.e. resource deployment limit), any administrative boundaries (i.e. policies), and will be the container for your Azure resources.

    User's image

    Relationship between Azure Subscriptions and Azure Active Directory tenants:

    When it comes to the relationship between these two services - Azure subscriptions have a trust relationship with an Azure Active Directory instance (Azure AD tenant). Subscriptions rely on this relationship with Azure AD to authenticate and authorize users, groups, applications, etc.

    Note: As shown in above, Azure AD can have a 1:M relationship, but a Subscription can only trust one Azure AD tenant.

    User's image

    Related Stack Overflow Issue:

    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dillon Silzer 57,831 Reputation points Volunteer Moderator
    2023-06-29T22:12:00.0833333+00:00

    Hopefully this documentation helps you:

    Associate or add an Azure subscription to your Azure Active Directory tenant

    https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory

    User's image

    You can have many subscriptions to one Azure AD, and a one-to-one relationship. However, you cannot have many Azure ADs to one subscription as seen above.

    If this is helpful please accept answer.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.