Making clear about creating additional directories

HavrilyukRoman 21 Reputation points
2020-04-15T06:40:21.03+00:00

Hello guys!

The documentation does not clearly describe the creation of additional directories. May i ask your for some advice?
So for example, I have a license for educational institutions on my account. And it include azure for office365 license. On-premise domain alredy have sync with AAD. But, on premise, forest, with this domain, have forest trust with second forest and domain in it. I want to sync this domain too, but should i create another directory in Azure, if i want to make it separately?
What if i want to make work foreignsecurityprincipals? Should it work if i create another directory?

Second question about license. Correct me if i wrong: Documentation says, that License for azuread = subscription, and it can be associate with only one directory. Is that true? Or license should work account-wide?

The final result, I want to logically separate the two on-premise domains in AAD: the first for education support, the second for students, e.g. so that they do not see each other in msTeams and Exchange

Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
9,033 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,389 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JimmyYang-MSFT 48,551 Reputation points Microsoft Vendor
    2020-04-15T09:23:16.143+00:00

    Hi RomanHavrilyuk!
    According to your description, do you mean you want to create multiple Azure AD tenants for your organization?
    To my knowledge,the Azure AD tenant are isolated by design. If you want this separation, this is a supported configuration. For more details about this topology, you can refer to this link:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-azure-ad-tenants
    For more details about licensing for Azure AD, you can also refer to:
    https://www.agileit.com/news/understanding-azure-active-directory-licensing-free-basic-p1-p2/

    2 people found this answer helpful.
    0 comments
  2. HavrilyukRoman 21 Reputation points
    2020-04-15T10:52:49.837+00:00

    Hello Jimmy!
    Isolation is what i need. I cannot understand meaning of two this entites:

    • azure tenant
    • azure active directory
      Its so blurry described..

    In docs says https://learn.microsoft.com/en-us/azure/active-directory/active-directory-how-subscriptions-associated-directory

    • Multiple subscriptions can trust the same directory, but each subscription trusts only one directory.
      So i have tenant with office365 subscription on it. Like contoso.onmicrosoft.com
      Am i right, that tenant is such entite, that contains some azure resource, like aad etc.?
      Is that mean, that i can create another aad in this tenant, and subscription from this tenant automatically adds to this aad?
    0 comments