question

PratyushaMenon-1522 avatar image
0 Votes"
PratyushaMenon-1522 asked 66166726 answered

Azure AD Terminologies

Can someone pls explain to me the puzzle of Azure AD Terms = subscription / tenant / directory ?

What I understood:

When I sign up for an Azure subscription = 1 subscription = 1 organization = 1 AD tenant eg: john@contoso.onmicrosoft.com

I can create another organization in the same subscription using the same AD Tenant eg: john@cronus.onmicrosoft.com

When I can create 2 directories and/or/also organization, why does the documentation say:

When a company or organization signs up to use one of these offerings, they are assigned a default directory, which is an instance of Azure AD. The default directory is sometimes referred to as a tenant. A given subscription is also associated to a single Azure AD directory. Multiple subscriptions can trust the same directory, but a subscription can only trust one directory."


Can someone pls help with this nomenclature confusion?

azure-active-directoryazure-ad-tenant
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi, do you still require assistance? If not, please mark the answer as verified.

Thank you,
James

0 Votes 0 ·
MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered ShanmathiManickasamy-3913 commented

Hi @PratyushaMenon-1522,

The terms "tenant" and "directory" are for the most part interchangeable and are used that way in Azure documentation.

A tenant is an instance of an Azure Active Directory. The tenant is an account in Azure that comes with a subdomain and an associated Azure Active Directory. In order to use an Azure Active Directory you need to become a tenant within the system. So a tenant is basically securing a .onmicrosoft.com subdomain. At that point you would have one account registered in your Azure AD.

As you mentioned, a subscription is associated to a single Azure Active Directory, but you can add multiple subscriptions to the same directory. One reason you might do this is to separate the finances and administration within a company. For example, a company might have a single org-wide tenant, but different Azure subscriptions for each department. That way the company can track how much money each department is spending on resources.

Another reason for doing this would be to divide subscriptions for different development purposes such as having a sandbox environment, staging environment, and production environment that each have different subscriptions attached.

Hope this helps and let me know if you have further questions!

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for your reply!

But honestly I still don't get it. When I'm able to create companyname1.onmicrosft.com AND companyname2.onmicrosoft.com in the SAME subscription, what does it mean when the documentation says, "1 subscription trusts 1 tenant"???

Because I can create 2 tenants in one subscription. (This is assuming I have understood it right that companyname1.onmicrosoft.com is a tenant/directory)

0 Votes 0 ·

Did you figure out the answer for your last question as I have the same exact doubt?

0 Votes 0 ·
66166726 avatar image
0 Votes"
66166726 answered

Looking closely at the explanation by @MarileeTurskac and combining that with Microsoft’s position that “…….. but a subscription can only trust one directory”, we may say that, while many subscriptions can belong to a single AAD, you can’t have a single subscription belonging to two or more AADs. Yes, the use of “trust” gives it an opaque meaning, such that, it can be interpreted to mean, even though you can do the association, but the subscription won’t be recognized/trusted by AAD.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.