0

I have an Azure Subscription linked to my AAD directory (AAD 'Dev'), and I have resources associated with this directory. However, I have a separate AAD test tenant (let's call it AAD 'Test') which some Visual Studio Teams SDK templates assume that the 'Test' directory and the 'Dev' resource directory are the same, or there is a subscription associated with the Test directory. In my case, it is not.

My understanding is that the relation between AAD and Azure Subscription is a 1-M or 1-1 relationship, but M-1 is not supported. This means I cannot use the same subscription for two AADs.

If I assign the subscription to the test tenant (Test), what will happen to the resources running in the 'Dev' directory? Will they be interrupted? Any suggestions are appreciated.

Snekithan
  • 360
  • 3
  • 11

1 Answers1

1

I agree with you, Azure Subscription and AAD have a 1-M or 1-1 connection, and M-1 is not supported which means several AAD directories can be linked to a single Azure subscription, but only one AAD directory can be linked to a single Azure subscription.

In my environment, I created two Azure AD Tenants like below:

enter image description here

When I checked, the subscription is only linked to one directory:

enter image description here

The other AAD Directory doesn't have any subscription linked:

enter image description here

If I assign the subscription to the test tenant (Test), what will happen to the resources running in the 'Dev' directory? Will they be interrupted?

No, the resources in the Dev directory will not be interrupted or affected automatically but you won't be able to access the resources anymore.

  • If you deploy a virtual machine in an Azure subscription that is linked to the AAD directory "Dev," you will be able to access that virtual machine from the "Dev" AAD directory.
  • But if you assign that Azure subscription to a new AAD directory called "Test," you won't be able to access that virtual machine from the "Dev" AAD directory anymore.
  • You must first create a new resource group in the "Test" AAD directory before deploying the virtual machine to that group in order to access the virtual machine from the "Test" AAD directory.

You can refer the below MsDoc to know more in detail about the impacts:

Transfer an Azure subscription to a different Azure AD directory

Rukmini
  • 6,015
  • 2
  • 4
  • 14