I'm somewhat confused about the relationship between office 365 authentication and azure and specifically azure AD. What if a company also own an azure subscription, is the azure AD that authenticates when accessing the azure subscription the same? Is it different? Can it be different? Also what if your azure hosted application needs to authenticate and authorize a different set of users from those enabled to the azure subscription, is there an "application mode" active directory for this? I would appreciate some help in clarifying the relationships and better define the boundaries.
1
votes
If you buy Office 365 you get a Azure AD that you authenticate against. Let’s say that you later sign up for Azure and don’t put in your current Azure AD that you got with your Office 365. Then you get 2 separate Azure AD, this is not ideal since it’s different identity’s. docs.microsoft.com/en-us/office365/enterprise/images/… . So you can have different AAD but you want to have 1 AAD for Office 365, Azure, dynamics 365 and so on.
– Jarnstrom
1 Answers
0
votes
Office 365 accounts are backed by Azure Active Directory. i.e. when you sign into your Office 365 account, you are using an identity stored in Azure Active Directory. Read more...
An Azure Active Directory Tenant can have multiple Azure Subscriptions within it. You can use the same Azure Active Directory account to access these different Azure Subscriptions assuming they are all contained within the same tenant. Read more...
It is possible for a user to be a part of multiple tenants and subscriptions using guest accounts. Read more...
Azure Active Directory Applications support multi-tenant authentication, which means that it can automatically handle users from multiple different tenants without much effort. Read more...
