Will switching my Visual Studio Enterprise subscription to another Azure AD kill azure devops access?

Giles Middleton 231 Reputation points
2021-10-12T15:31:40.117+00:00

I have a visual studio enterprise subscription with free azure credits.
I am an admin of our azure devops portal.
I am not an admin of our company domain/azure
I created a SQLServer managed instance.
I wanted to try out different Authentication methods.
I am unable to allow the MI to access to the company azure AD as I lack permissions.
So I thought I’d create a test azure AD to play with.
Turns out when I switch to that AD I can’t see my SQL server managed Instance.

  1. I assume I need to go to my subscription and change it’s AD to the new test domain, and that my SQL server managed instance may suddenly be visible there? Or will I have to recreate it.
  2. But I’m worried that my Azure Devops access will vanish as my subscription has switched azure ADs?
Azure SQL Database
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,898 questions
0 comments No comments
{count} votes

Accepted answer
  1. JamesTran-MSFT 36,776 Reputation points Microsoft Employee
    2021-10-12T17:21:52.2+00:00

    @Giles Middleton
    Thank you for your detailed post! I'll summarize your issue below for my understanding, and share some insights in regard to the Azure AD side of things to hopefully help point you in the right direction.


    Test Azure Active Directory:

    You don't have any associated subscriptions within this tenant.
    This is where you're trying to test different Authentication methods within your Managed Instance.

    Company Azure Active Directory & Company Subscription:

    Your Visual Studio Subscription with free credits is associated with your company tenant.
    You created a SQL Server managed instance within this tenant, I'm assuming you selected your VS subscription during creation.
    Since you aren't an admin within your company's domain (Azure AD), you can't give Azure AD permissions to this Managed Instance.

    Issue:

    When you switch to your Test tenant, you're unable to see the Managed Instance since it's associated with the subscription within your companies AzureAD.

    1. I assume I need to go to my subscription and change it’s AD to the new test domain, and that my SQL server managed instance may suddenly be visible there? Or will I have to recreate it.
    • From our Transfer an Azure subscription documentation, it looks like you should be able to transfer your Azure SQL database(s) with your subscription, so it'll be visible within the new tenant. However, this is definitely a complex process that can impact several Azure resources and must be carefully planned and executed. For more info.
    • Since you're solely trying to test different authentication methods, you can also leverage another subscription offering for this test tenant to help keep costs low.

    2) But I’m worried that my Azure DevOps access will vanish as my subscription has switched azure ADs?

    • From my understanding, your user should be linked to your Azure Active Directory and not your Subscription. Therefore, if you transfer your subscription to another Azure AD, your company user will still remain within the company tenant and continue to have access to Azure DevOps. However, as DSPatrick mentions, I'd recommend reaching out to our DevOps experts for more info on this.

    If you aren't able to be permanently assigned the AzureAD role needed for your test(s). I'd recommend reaching out to your AzureAD Admins to leverage Privileged Identity Management (PIM), which will allow them to assign you the role needed for a specific amount of time, so you can perform these Authentication tests on your managed instance, within your company domain.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


1 additional answer

Sort by: Most helpful
  1. Anonymous
    2021-10-12T15:37:02.847+00:00

    The product group for Azure DevOps / TFS actively monitors questions over at
    https://developercommunity.visualstudio.com/report?space=21&entry=problem
    https://developercommunity.visualstudio.com/report?space=22&entry=problem

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.