Home

Understanding Azure Account, Subscription and Directory.

%3CLINGO-SUB%20id%3D%22lingo-sub-34800%22%20slang%3D%22en-US%22%3EUnderstanding%20Azure%20Account%2C%20Subscription%20and%20Directory.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-34800%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20the%20last%20couple%20of%20days%2C%20I%20am%20trying%20to%20understand%20the%20relationship%20between%20Azure%20account%2C%20Subscription%2C%20and%20Directory%20and%20Resource%20Groups.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20comprehensive%20guide%20that%20can%20help%20me%20to%20understand%20how%20Azure%20Account%2C%20Subscription%20and%20Directory%20works%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20in%20advance.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-34800%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-393590%22%20slang%3D%22en-US%22%3ERe%3A%20Understanding%20Azure%20Account%2C%20Subscription%20and%20Directory.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-393590%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F17256%22%20target%3D%22_blank%22%3E%40Daniel%20Martins%3C%2FA%3EThanks%20for%20simple%20explanation%2C%20now%20those%20elaborate%20article%20will%20make%20more%20sense%20to%20me.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-37566%22%20slang%3D%22en-US%22%3ERe%3A%20Understanding%20Azure%20Account%2C%20Subscription%20and%20Directory.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-37566%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Jahongir%2C%20all%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAdding%20a%20little%20bit%20more%20here%20to%20Stephane%60s%20great%20content.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20Azure%20account%20is%20a%20global%20unique%20entity%20that%20gets%20you%20access%20to%20Azure%20services%20and%20your%20Azure%20subscriptions.%20You%20can%20create%20multiple%20subscriptions%20in%20your%20Azure%20account%20to%20create%20separation%20e.g.%20%3CA%20title%3D%22Create%20Azure%20Subscription%22%20href%3D%22https%3A%2F%2Fblogs.msdn.microsoft.com%2Farunrakwal%2F2012%2F04%2F09%2Fcreate-windows-azure-subscription%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Efor%20billing%20or%20management%20purposes%3C%2FA%3E.%20In%20your%20subscription(s)%20you%20can%20manage%20resources%3CA%20title%3D%22Azure%20Resources%20Manager%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-resource-manager%2Fresource-group-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20in%20resources%20groups%3C%2FA%3E.%20Azure%20subscription%20can%20have%20a%20trust%20relationship%20with%20an%20%3CA%20title%3D%22Azure%20Active%20Directory%20(Azure%20AD)%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-whatis%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Active%20Directory%20(Azure%20AD)%20%3C%2FA%3Einstance%20%E2%80%93%20more%20%3CA%20title%3D%22How%20Azure%20subscriptions%20are%20associated%20with%20Azure%20Active%20Directory%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-how-subscriptions-associated-directory%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20hope%20this%20helps%20as%20well%20%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECheers%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-35899%22%20slang%3D%22en-US%22%3ERe%3A%20Understanding%20Azure%20Account%2C%20Subscription%20and%20Directory.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-35899%22%20slang%3D%22en-US%22%3E%3CP%3EI%20would%20probably%20start%20with%20the%20following%20links%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20is%20Azure%20Active%20Directory%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-whatis%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-whatis%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20relationship%20between%20AAD%20and%20subscriptions%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-how-subscriptions-associated-directory%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-how-subscriptions-associated-directory%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EManaging%20resource%20groups%20with%20AAD%3A%3C%2FP%3E%3CP%3E%3CA%20title%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-manage-groups%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-manage-groups%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-manage-groups%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrom%20each%20of%20the%20links%20above%2C%20there%20are%20multiple%20other%20links%20to%20a%20lot%20of%20content%20that%20will%20explain%20all%20these%20differnet%20components%20and%20their%20relationships.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAside%20from%20the%20%22docs%22%20website%2C%20I%20also%20have%20found%20that%20the%20Microsoft%20Virtual%20Academy%20website%20is%20a%20great%20source%20of%20information%3A%3C%2FP%3E%3CP%3E%3CA%20title%3D%22https%3A%2F%2Fmva.microsoft.com%2F%22%20href%3D%22https%3A%2F%2Fmva.microsoft.com%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmva.microsoft.com%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECheers%2C%3C%2FP%3E%3CP%3EStephane%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-35252%22%20slang%3D%22en-US%22%3ERe%3A%20Understanding%20Azure%20Account%2C%20Subscription%20and%20Directory.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-35252%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20question!%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F17256%22%20target%3D%22_blank%22%3E%40Daniel%20Martins%3C%2FA%3E%2C%20is%20there%20someone%20from%20the%20team%20who%20can%20help%20to%20answer%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1256590%22%20slang%3D%22en-US%22%3ERe%3A%20Understanding%20Azure%20Account%2C%20Subscription%20and%20Directory.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1256590%22%20slang%3D%22en-US%22%3E%3CP%3EHi.%20I%20would%20like%20to%20explain%20that%3A%3C%2FP%3E%3CP%3ELets%20think%20that%3A%3C%2FP%3E%3CP%3EAD%20Account%20-%20Director%20of%20your%20Holding%3C%2FP%3E%3CP%3EDirectory%20-%20Sub-companies%20at%20your%20Holding%3C%2FP%3E%3CP%3ESubscriptions%20-%26nbsp%3B%20Each%20department%20at%20each%20directory%2Fcompany%3C%2FP%3E%3CP%3EResourceGroup%20-%20Shelves%20where%20you%20keep%20documents%20or%20etc%20on%20each%20department%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1270975%22%20slang%3D%22en-US%22%3ERe%3A%20Understanding%20Azure%20Account%2C%20Subscription%20and%20Directory.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1270975%22%20slang%3D%22en-US%22%3E%3CP%3E%5Bedit%3A%20after%20posting%20this%2C%20i%20noticed%20this%20post%20was%20kicked%20from%20a%20few%20years%20ago%20by%20Khalid.%20Well%20then%20my%20contribution%20is%20for%20good%20sake%20%3B)%5D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F596821%22%20target%3D%22_blank%22%3E%40Khalid_Garayev%3C%2FA%3E%26nbsp%3BThanks%20for%20your%20effort%2C%20but%20I%20think%20your%20drawing%20can%20confuse%20others.%3C%2FP%3E%3CP%3EI%20see%20subscriptions%20with%20the%20same%20name%20connected%20to%20multiple%20directories.%20That%20is%20not%20possible.%20Comparing%20it%20to%20a%20company%20and%20shelves%20is%20to%20simplified.%20I%20won't%20recommend%20using%20an%20Azure%20AD%20for%20every%20subsidiary%2C%20unless%20this%20a%20requirement%20for%20seperated%20administrative%20purposes.%20It's%20more%20convenient%20to%20add%20the%20different%20custom%20domain%20for%20those%20sub-companies%20to%20the%20same%20Azure%20AD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%202%20cents%3A%3C%2FP%3E%3CP%3EAzure%20Account%3A%20Your%20overall%20account%20to%20start%20you%20Azure%20journey.%20Also%20your%20billing%20account%3C%2FP%3E%3CP%3EAzure%20AD%3A%20Your%20directory%20for%20authentication%20and%20authorization%3C%2FP%3E%3CP%3EAzure%20Subscription%3A%20The%20container%20where%20your%20created%20resources%20are%20created.%20Billing%20is%20per%20subscription%3C%2FP%3E%3CP%3E(multiple%20subscription%20can%20have%20the%20same%20Azure%20AD).%20You%20can%20also%20set%20specific%20Azure%20policies%20on%20subscription%20level.%3C%2FP%3E%3CP%3EAzure%20Resource%20Groups%3A%20A%20logical%20group%20of%20resources%20belonging%20to%20the%20same%20application%20environment%20and%20lifecycle.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWithin%20this%20construction%20you%20can%20seperate%20access%20to%20resource%20groups%20for%20departments%20by%20using%20clear%20RBAC%20roles.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUsing%20multiple%20subscriptions%20can%20be%20convenient%20for%20administrative%2Fbilling%20use%2C%20or%20for%20example%20sandbox%20and%20test%20vs%20production%20environment.%20I%20don't%20recommend%20a%20subscription%20per%20department%20except%20when%20for%20example%20developers%20having%20their%20separate%20subscriptions.%20But%20then%20it's%20still%20rather%20based%20on%20usage%20than%20on%20a%20specific%20department.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1432944%22%20slang%3D%22en-US%22%3ERe%3A%20Understanding%20Azure%20Account%2C%20Subscription%20and%20Directory.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1432944%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F33597%22%20target%3D%22_blank%22%3E%40jahongir%20abdurahmonov%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EAn%20Azure%20subscription%20is%20a%20logical%20container%20used%20to%20provision%20resources%20in%20Azure.%20It%20holds%20the%20details%20of%20all%20your%20resources%20like%20virtual%20machines%20(VMs)%2C%20databases%2C%20and%20more.%20When%20you%20create%20an%20Azure%20resource%20like%20a%20VM%2C%20you%20identify%20the%20subscription%20it%20belongs%20to.%20As%20you%20use%20the%20VM%2C%20the%20usage%20of%20the%20VM%20is%20aggregated%20and%20billed%20monthly.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20more%20details%20check%20this%20out%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Flearn%2Fmodules%2Fcreate-an-azure-account%2F4-multiple-subscriptions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Flearn%2Fmodules%2Fcreate-an-azure-account%2F4-multiple-subscriptions%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

For the last couple of days, I am trying to understand the relationship between Azure account, Subscription, and Directory and Resource Groups. 

 

Is there any comprehensive guide that can help me to understand how Azure Account, Subscription and Directory works? 

 

Thank you in advance. 

 

7 Replies
Highlighted

Great question! @Daniel Martins, is there someone from the team who can help to answer this?

Highlighted

I would probably start with the following links:

 

What is Azure Active Directory:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis

 

The relationship between AAD and subscriptions:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-how-subscriptions-associate...

 

Managing resource groups with AAD:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-manage-groups

 

From each of the links above, there are multiple other links to a lot of content that will explain all these differnet components and their relationships.

 

Aside from the "docs" website, I also have found that the Microsoft Virtual Academy website is a great source of information:

https://mva.microsoft.com/

 

Cheers,

Stephane

Highlighted

Hello Jahongir, all,

 

Adding a little bit more here to Stephane`s great content.

 

The Azure account is a global unique entity that gets you access to Azure services and your Azure subscriptions. You can create multiple subscriptions in your Azure account to create separation e.g. for billing or management purposes. In your subscription(s) you can manage resources in resources groups. Azure subscription can have a trust relationship with an Azure Active Directory (Azure AD) instance – more here.

 

I hope this helps as well :)

 

Cheers

Highlighted

@Daniel MartinsThanks for simple explanation, now those elaborate article will make more sense to me.

Highlighted

Hi. I would like to explain that:

Lets think that:

AD Account - Director of your Holding

Directory - Sub-companies at your Holding

Subscriptions -  Each department at each directory/company

ResourceGroup - Shelves where you keep documents or etc on each department

 

 

Highlighted

[edit: after posting this, i noticed this post was kicked from a few years ago by Khalid. Well then my contribution is for good sake ;)]

 

@Khalid_Garayev Thanks for your effort, but I think your drawing can confuse others.

I see subscriptions with the same name connected to multiple directories. That is not possible. Comparing it to a company and shelves is to simplified. I won't recommend using an Azure AD for every subsidiary, unless this a requirement for seperated administrative purposes. It's more convenient to add the different custom domain for those sub-companies to the same Azure AD.

 

My 2 cents:

Azure Account: Your overall account to start you Azure journey. Also your billing account

Azure AD: Your directory for authentication and authorization

Azure Subscription: The container where your created resources are created. Billing is per subscription

(multiple subscription can have the same Azure AD). You can also set specific Azure policies on subscription level.

Azure Resource Groups: A logical group of resources belonging to the same application environment and lifecycle.

 

Within this construction you can seperate access to resource groups for departments by using clear RBAC roles.

 

Using multiple subscriptions can be convenient for administrative/billing use, or for example sandbox and test vs production environment. I don't recommend a subscription per department except when for example developers having their separate subscriptions. But then it's still rather based on usage than on a specific department.

Highlighted

Hi @jahongir abdurahmonov 

An Azure subscription is a logical container used to provision resources in Azure. It holds the details of all your resources like virtual machines (VMs), databases, and more. When you create an Azure resource like a VM, you identify the subscription it belongs to. As you use the VM, the usage of the VM is aggregated and billed monthly.

For more details check this out: https://docs.microsoft.com/en-us/learn/modules/create-an-azure-account/4-multiple-subscriptions