![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 28.000000000000004%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAI%3C/text%3E%3C/svg%3E)
Community Center | Not monitored
Tag not monitored by Microsoft.
The two statements describe different things and there is no functional contradiction once the hierarchy is separated clearly:
- Relationship between subscription and tenant
- An Azure subscription is always linked to exactly one Microsoft Entra tenant at any given time.
- This tenant acts as the identity provider for that subscription (users, service principals, devices, etc.).
- This is stated consistently in multiple places:
- “Each Azure subscription is linked to a single Microsoft Entra tenant, which acts as an identity provider (IdP) for your Azure subscription.”
- “An Azure subscription can only trust one Microsoft Entra tenant at a time…”
- Relationship between tenant and subscriptions
- A single Microsoft Entra tenant can have multiple Azure subscriptions associated with it.
- Multiple Microsoft cloud subscriptions (Microsoft 365, Dynamics 365, multiple Azure subscriptions) can all use the same Microsoft Entra tenant as a common identity provider.
- What “within an Azure subscription, you can create multiple Microsoft Entra tenants” is trying to convey
- Technically, Microsoft Entra tenants and Azure subscriptions are separate constructs:
- A Microsoft Entra tenant is an instance of Microsoft Entra ID (directory of identities, apps, groups, etc.).
- A subscription is a billing and resource container that is associated with one tenant.
- Tenants are not created inside a subscription. Instead:
- A tenant can exist without any Azure subscription attached.
- A subscription must always be associated with exactly one tenant.
- Therefore, the wording “within an Azure subscription, you can create multiple Microsoft Entra tenants” is misleading. The accurate model is:
- Multiple tenants can exist in the same overall organization or billing enrollment.
- Each individual subscription is associated with one of those tenants at a time, and can be transferred to a different tenant (with restrictions) but never associated with more than one simultaneously.
- Technically, Microsoft Entra tenants and Azure subscriptions are separate constructs:
- Correct mental model
- Organization / billing enrollment → can contain multiple Microsoft Entra tenants.
- Each Microsoft Entra tenant → can have many subscriptions.
- Each subscription → is associated with exactly one tenant at any point in time.
So the second statement (“At any given time, an Azure subscription must be associated with one, and only one, Microsoft Entra tenant”) is correct. The first statement is imprecise and should be read as describing that multiple tenants can exist in the same overall environment, not literally inside a single subscription.
References:
- Associate or add an Azure subscription to your Microsoft Entra tenant
- Subscriptions, licenses, accounts, and tenants for Microsoft's cloud offerings
- Define Microsoft Entra tenants
- Subscription considerations and recommendations
- Use multiple Azure subscriptions
- Frequently asked questions about Microsoft Entra ID