Multiple WVD tenants in the same subscription

%3CLINGO-SUB%20id%3D%22lingo-sub-1258397%22%20slang%3D%22en-US%22%3EMultiple%20WVD%20tenants%20in%20the%20same%20subscription%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1258397%22%20slang%3D%22en-US%22%3E%3CP%3EGood%20day%20community!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20question%20regarding%20multitenancy%20in%20WVD.%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20have%20one%20single%20subscription%20where%20we%20manage%20the%20WVD%20session%20hosts%20which%20are%20member%20of%20multiple%20WVD%20tenants%20each%20pointing%20to%20their%20own%20Azure%20AD%20tenant%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20would%20describe%20a%20bit%20below%20slide%20where%20Azure%20AD%20is%20a%20different%20tenant%20per%20setup.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Thomas2607_0-1585293583802.png%22%20style%3D%22width%3A%20522px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F179897i98B486A4601765C9%2Fimage-dimensions%2F522x296%3Fv%3D1.0%22%20width%3D%22522%22%20height%3D%22296%22%20title%3D%22Thomas2607_0-1585293583802.png%22%20alt%3D%22Thomas2607_0-1585293583802.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20idea%20would%20be%20to%20have%20the%20ability%20to%20manage%20the%20session%20hosts%20(of%20different%20WVD%20tenants%20and%20according%20Azure%20AD%20tenants)%20in%20one%20single%20subscription.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20this%20technically%20possible%20and%20supported%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20regards%2C%3C%2FP%3E%3CP%3EThomas%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1258425%22%20slang%3D%22en-US%22%3ERe%3A%20Multiple%20WVD%20tenants%20in%20the%20same%20subscription%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1258425%22%20slang%3D%22en-US%22%3EI'm%20also%20interested%20in%20the%20answer%20to%20this.%20Furthermore%2C%20it%20would%20be%20nice%20to%20see%20some%20best%20practices%20on%20a%20service%20provider%20model%20type%20of%20documentation.%20The%20solution%20speaks%20about%20multi-tenancy%20but%20at%20the%20same%20time%2C%20you%20need%20ADDS%20or%20AD%20server%20for%20each%20and%20every%20client.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1427351%22%20slang%3D%22en-US%22%3ERe%3A%20Multiple%20WVD%20tenants%20in%20the%20same%20subscription%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1427351%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F523664%22%20target%3D%22_blank%22%3E%40Thomas2607%3C%2FA%3E%26nbsp%3BWhat%20you%20are%20asking%20is%20not%20possible.%20You%20can%20currently%20deploy%20multiple%20WVD%20tenants%2C%20but%20they%20are%20all%20managed%20by%20a%20single%20AAD%20tenant.%20WVD%20uses%20a%20combination%20of%20AAD%20identity%20synchronized%20with%20either%20AAD%20DS%20or%20AD%20DS.%20Since%20WVD%20is%20using%20an%20Azure%20Service%20provided%20by%20a%20subscription%2C%20a%20subscription%20and%20its%20services%20can%20only%20be%20managed%20by%20a%20single%20AAD%20tenant.%20%22WVD%20tenants%22%20are%20really%20just%20a%20logical%20grouping%20inside%20the%20WVD%20service.%20It's%20confusing%20using%20%22tenant%22%20since%20we%20use%20that%20term%20to%20describe%20AAD%20instances%20and%20is%20probably%20why%20Microsoft%20is%20changing%20that%20term%2C%20in%20ARM%20WVD%202020%2C%20to%20%22workspace%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHost%20Pools%20and%20session%20hosts%20are%20a%20child%20object%20of%20WVD%20tenants%20so%20they%20are%20locked%20to%20the%20same%20identity%20boundaries.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1590188%22%20slang%3D%22en-US%22%3ERe%3A%20Multiple%20WVD%20tenants%20in%20the%20same%20subscription%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1590188%22%20slang%3D%22en-US%22%3ECould%20you%20just%20simply%20host%20each%20customer%20in%20separate%20host%20pools%3F%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Good day community!

 

I have a question regarding multitenancy in WVD.

Is it possible to have one single subscription where we manage the WVD session hosts which are member of multiple WVD tenants each pointing to their own Azure AD tenant?

 

It would describe a bit below slide where Azure AD is a different tenant per setup.

Thomas2607_0-1585293583802.png

 

The idea would be to have the ability to manage the session hosts (of different WVD tenants and according Azure AD tenants) in one single subscription.

 

Is this technically possible and supported?

 

Kind regards,

Thomas

 

3 Replies
Highlighted
I'm also interested in the answer to this. Furthermore, it would be nice to see some best practices on a service provider model type of documentation. The solution speaks about multi-tenancy but at the same time, you need ADDS or AD server for each and every client.
Highlighted

@Thomas2607 What you are asking is not possible. You can currently deploy multiple WVD tenants, but they are all managed by a single AAD tenant. WVD uses a combination of AAD identity synchronized with either AAD DS or AD DS. Since WVD is using an Azure Service provided by a subscription, a subscription and its services can only be managed by a single AAD tenant. "WVD tenants" are really just a logical grouping inside the WVD service. It's confusing using "tenant" since we use that term to describe AAD instances and is probably why Microsoft is changing that term, in ARM WVD 2020, to "workspace".

 

Host Pools and session hosts are a child object of WVD tenants so they are locked to the same identity boundaries.

Highlighted
Could you just simply host each customer in separate host pools?