Azure AD, Subscription and Account
Updated: Jul 29, 2022
Making sense of relationship between Azure Account, Azure Subscription and Azure AD.
Azure AD, Azure Account and Azure subscription are the basic building block (or in other terms DNA of Azure cloud. Relationship between them is important to understand from cloud administration and architectural perspective.
What is Azure Account?
To start with - an Azure account is is a global unique entity that gets you access to Azure services and your Azure subscriptions.
What is Azure Subscription?
As per Microsoft Azure documentation - "A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption."
What is Azure Active Directory ?
An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.
Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.
When a subscription expires, the trusted instance of the Azure AD service remains, but the security principals lose access to Azure resources.
To learn more about Azure AD visit : https://docs.microsoft.com/en-us/learn/paths/manage-identity-and-access/