@Giles Middleton
Thank you for your detailed post! I'll summarize your issue below for my understanding, and share some insights in regard to the Azure AD side of things to hopefully help point you in the right direction.
Test Azure Active Directory:
You don't have any associated subscriptions within this tenant.
This is where you're trying to test different Authentication methods within your Managed Instance.
Company Azure Active Directory & Company Subscription:
Your Visual Studio Subscription with free credits is associated with your company tenant.
You created a SQL Server managed instance within this tenant, I'm assuming you selected your VS subscription during creation.
Since you aren't an admin within your company's domain (Azure AD), you can't give Azure AD permissions to this Managed Instance.
Issue:
When you switch to your Test tenant, you're unable to see the Managed Instance since it's associated with the subscription within your companies AzureAD.
- I assume I need to go to my subscription and change it’s AD to the new test domain, and that my SQL server managed instance may suddenly be visible there? Or will I have to recreate it.
- From our Transfer an Azure subscription documentation, it looks like you should be able to transfer your Azure SQL database(s) with your subscription, so it'll be visible within the new tenant. However, this is definitely a complex process that can impact several Azure resources and must be carefully planned and executed. For more info.
- Since you're solely trying to test different authentication methods, you can also leverage another subscription offering for this test tenant to help keep costs low.
2) But I’m worried that my Azure DevOps access will vanish as my subscription has switched azure ADs?
- From my understanding, your user should be linked to your Azure Active Directory and not your Subscription. Therefore, if you transfer your subscription to another Azure AD, your company user will still remain within the company tenant and continue to have access to Azure DevOps. However, as DSPatrick mentions, I'd recommend reaching out to our DevOps experts for more info on this.
If you aren't able to be permanently assigned the AzureAD role needed for your test(s). I'd recommend reaching out to your AzureAD Admins to leverage Privileged Identity Management (PIM), which will allow them to assign you the role needed for a specific amount of time, so you can perform these Authentication tests on your managed instance, within your company domain.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.