
Centralize management operations

For most organizations, using a single Azure Active Directory (Azure AD) tenant for all users simplifies management operations and reduces maintenance costs. This is because all management tasks can be performed by designated users, user groups, or service principals within that tenant.

We recommend that you use only one Azure AD tenant for your organization, if possible. However, some situations might require an organization to maintain multiple Azure AD tenants for the following reasons:

  • They are wholly independent subsidiaries.
  • They're operating independently in multiple geographies.
  • Certain legal or compliance requirements apply.
  • There are acquisitions of other organizations (sometimes temporary until a long-term tenant consolidation strategy is defined).

When a multiple-tenant architecture is required, Azure Lighthouse provides a way to centralize and streamline management operations. Subscriptions from multiple tenants can be onboarded for Azure delegated resource management. This option allows specified users in the managing tenant to perform cross-tenant management functions in a centralized and scalable manner.

For example, let's say your organization has a single tenant, Tenant A. The organization then acquires two additional tenants, Tenant B and Tenant C, and you have business reasons that require you to maintain them as separate tenants.

Your organization wants to use the same policy definitions, backup practices, and security processes across all tenants. Because you already have users (including user groups and service principals) that are responsible for performing these tasks within Tenant A, you can onboard all of the subscriptions within Tenant B and Tenant C so that those same users in Tenant A can perform those tasks. Tenant A then becomes the managing tenant for Tenant B and Tenant C.

Users in Tenant A managing resources in Tenant B and Tenant C

For more information, see Azure Lighthouse in enterprise scenarios.