Forum Discussion
Understanding Azure Account, Subscription and Directory.
For the last couple of days, I am trying to understand the relationship between Azure account, Subscription, and Directory and Resource Groups. Is there any comprehensive guide that can help me ...
I think one important aspect from the learner's perspective is the chronological order in which you administrate the entire Azure process.
Technically, it BEGINS with purchasing a subscription. When you create the subscription you become the administrator of the subscription. From this, you create and can expand an Azure Active Directory. At this point, your subscription, tenant and AAD all exists. What's confusing is showing a hierarchy with the subscription level below the others, when in fact, at least creation-wise, that subscription must already exist.
Technically, it BEGINS with purchasing a subscription. When you create the subscription you become the administrator of the subscription. From this, you create and can expand an Azure Active Directory. At this point, your subscription, tenant and AAD all exists. What's confusing is showing a hierarchy with the subscription level below the others, when in fact, at least creation-wise, that subscription must already exist.
Adding in, from: https://azure-training.com/2022/02/28/understanding-tenants-and-subscriptions-in-azure/#:~:text=A%20Tenant%20refers%20to%20a%20single%20dedicated%20and,represents%20a%20single%20organization%2C%20identity%2C%20or%20a%20person.
Although when an organization or an individual signs up for the first time, only a single tenant is created and associated, but multiple tenants can be created after signing up and, therefore, an organization can have more than one tenant, depending upon organizational requirement. Each tenant has its own Azure Active Directory, thereby having a one-to-one relation between the tenant and the Azure AD, where each tenant is referred to as an organization. In a single tenant, resources within the tenant have access to other services and resources within that tenant, whereas, when the resources within a tenant have access to other resources and services in a shared environment across multiple organizations (i.e., multiple tenant), they are considered as multi-tenant.
Although when an organization or an individual signs up for the first time, only a single tenant is created and associated, but multiple tenants can be created after signing up and, therefore, an organization can have more than one tenant, depending upon organizational requirement. Each tenant has its own Azure Active Directory, thereby having a one-to-one relation between the tenant and the Azure AD, where each tenant is referred to as an organization. In a single tenant, resources within the tenant have access to other services and resources within that tenant, whereas, when the resources within a tenant have access to other resources and services in a shared environment across multiple organizations (i.e., multiple tenant), they are considered as multi-tenant.