What is an Azure Tenant?

Jessica

An Azure Tenant is a dedicated instance of Microsoft Entra ID that represents your organization’s identity and access management boundary in Azure. It stores users, groups, applications, roles, and authentication policies, and acts as the central directory for managing access to Azure resources. A single tenant can contain multiple Azure subscriptions under the same identity system. How does your organization structure tenants and subscriptions to manage governance and security effectively?

Emily

In our organization, we structure Azure tenants and subscriptions to effectively manage governance and security by aligning them with our operational and regulatory needs. We maintain a single Azure tenant as the identity and access management boundary for all users, groups, and applications across our organization. Within this tenant, we create multiple subscriptions to separate different environments, such as development, testing, and production, ensuring clear isolation of resources and management boundaries. Each subscription is governed by its own set of policies and role-based access control (RBAC) to ensure that only authorized users can access critical resources. Additionally, we implement Azure Policy to enforce compliance with organizational security standards, like ensuring only approved virtual machine sizes or regions are used. For enhanced security, we use Azure AD for identity management and enable multi-factor authentication (MFA) across all accounts. This structured approach helps us maintain tight control over access, reduce risks, and comply with regulatory requirements.