Requirements and active account lifecycle for External Azure Active Directory

Antonio Gianni 21 Reputation points
2021-07-24T17:54:30.243+00:00

Hello,
Just took AZ-104 Microsoft training and going back through all the notes and labs.
The section on User Accounts states:
Typically, Azure AD defines users in three ways: Cloud identities, Directory-synchronized identities and Guest users.

Cloud identities. These users exist only in Azure AD. Examples are administrator accounts and users that you manage yourself. Cloud identities can be in Azure Active Directory or an external Azure Active Directory, if the user is defined in another Azure AD instance. When these accounts are removed from the primary directory, they are deleted.

Having trouble with how you set up Cloud identities from an external Azure Active Directory? In the lab I have my directory tonyghotmail.onmicrosoft.com and an external directory is contosolabaz104104.onmicrosoft.com where I have defined a user az104-01b-aaduser1@contosolabaz104104.onmicrosoft.com.

From tonyghotmail.onmicrosoft.com I want to create/add az104-01b-aaduser1@contosolabaz104104.onmicrosoft.com, but the only way I was able to do this was to use Invite user/guest users, and when I deleted the user from its primary AAD I did not see it get deleted from the first AAD as stated in the definition.

If I try to just use "create user" I am not able to select the external contosolabaz104104.onmicrosoft.com domain.

My question: How can I set up a test using an external AAD where a user from this external AAD is "added" and where I can subsequently see the user get removed/deleted when it is removed from its primary AAD?
I am trying to validate the statement from the course notes:
"When these accounts are removed from the primary directory, they are deleted."


Accepted answer
  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2021-07-26T10:39:01.587+00:00

    Hi @Antonio Gianni · Thank you for reaching out.

    Not sure where you have read this information, but this is not correct.

    When an account is removed from its primary directory, any external accounts corresponding to that account are NOT removed. The external accounts won't be able to authenticate in that case, but they remain in place and are not deleted/removed. The lifecycle of an external Azure AD account is independent of the account in the home tenant.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
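
Because the guest object outlives its home account, leftover guests have to be found and removed by the resource tenant itself. The sketch below is an added example, not part of the original thread or any Microsoft code: it compares constructed records shaped like Microsoft Graph `/users` results from both lab tenants. The `aaduser2` and `partner@example.com` entries and the function names are assumptions, as is the guest's `mail` value matching its home UPN.

```python
# Added example: constructed records shaped like Microsoft Graph /users results.
# Guest and member objects exported from the resource tenant (constructed).
RESOURCE_USERS = [
    {"userType": "Guest", "mail": "az104-01b-aaduser1@contosolabaz104104.onmicrosoft.com",
     "userPrincipalName": "az104-01b-aaduser1_contosolabaz104104.onmicrosoft.com"
                          "#EXT#@tonyghotmail.onmicrosoft.com"},
    {"userType": "Guest", "mail": None,  # hypothetical second lab user, no mail set
     "userPrincipalName": "az104-01b-aaduser2_contosolabaz104104.onmicrosoft.com"
                          "#EXT#@tonyghotmail.onmicrosoft.com"},
    {"userType": "Guest", "mail": "partner@example.com",  # other home tenant
     "userPrincipalName": "partner_example.com#EXT#@tonyghotmail.onmicrosoft.com"},
    {"userType": "Member", "mail": None,
     "userPrincipalName": "tony@tonyghotmail.onmicrosoft.com"},
]
# UPNs still present in the home tenant after aaduser1 was deleted (constructed).
HOME_DOMAIN = "contosolabaz104104.onmicrosoft.com"
HOME_UPNS = {"az104-01b-aaduser2@contosolabaz104104.onmicrosoft.com"}


def home_identity(user):
    """Return the address the guest uses in its home tenant, lower-cased."""
    if user.get("mail"):
        return user["mail"].lower()
    # Fallback: guest UPNs follow local_domain#EXT#@resource-tenant; domains
    # cannot contain "_", so the last underscore separates local part and domain.
    local = user["userPrincipalName"].split("#EXT#", 1)[0]
    name, _, domain = local.rpartition("_")
    return f"{name}@{domain}".lower()


def orphaned_guests(resource_users, home_upns, home_domain):
    """List guest UPNs from home_domain whose home account no longer exists."""
    known = {u.lower() for u in home_upns}
    suffix = "@" + home_domain.lower()
    orphans = []
    for user in resource_users:
        if user.get("userType") != "Guest":
            continue  # members are managed in this tenant, not orphan candidates
        ident = home_identity(user)
        # Only judge guests whose home tenant we actually have an export for.
        if ident.endswith(suffix) and ident not in known:
            orphans.append(user["userPrincipalName"])
    return orphans


if __name__ == "__main__":
    for upn in orphaned_guests(RESOURCE_USERS, HOME_UPNS, HOME_DOMAIN):
        print("review/remove guest:", upn)
```
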

