Multiple Azure tenants for Production and Dev

Not applicable



I'm trying to figure out what are the best practices for having the need for a production tenant and a dev tenant.  Some of the IT departments in my company are saying the need another tenant to all testing in.  Since we have domains for prod and non prod they want to use the same model with azure ad.  We are currently in the process of our licensing renewal and its being requested that we buy extra licenses for this.  Is this something that would need to be purchased separately?  

4 Replies

Best practice would be to have this on a Dev/Test subscription. This way you can use the same Azure AD tenant to control the identities and access through RBAC. This is available through EA or available as a pay as you go subscription. The best part about Dev/Test subscriptions is that they are billed at a substantially lower rate. I will include the link below for both EA and Pay As You Go. 


EA -







From my experience, i would suggest two subscriptions with a AzureAD and a Azure AD Sync from OnPremise Test Domain to the Azure Test Tenant with the Azure Test AAD and also the same for OnPremise Prod Domain to the Azure Prod Tenant with the Azure Prod AAD. This will separate the Domains completely and ramp up a whole test Environment like you have OnPremise. You need to take care of Licences in the Test Environment, as you may have them now only in the Production Tenant.


To have only one Tenant with a Test and a Prod Subscription will be good for Cost Management and Resource Management, but you might always run in Problems with the one Azure AD in the Background.


Kind Regards, Peter


Thanks for the information... We will most likely have to go down this route since this will be the safest way to test all the integrations with 3rd party SSO, MFA etc.. I just wanted to make sure I wasn't missing anything.





@Bryan Haslip 


Thanks for the information... Our IAM team wants to be able to test their 3rd Party SSO and MFA integrations in a completely separate tenant before moving it to the production tenant.  The only way they feel they can test safely is by having the separate tenant linked to a separate domain.