Each Entra ID tenant (or directory) is managed as an independent resource. There is no parent-child relation between directories, although users from one directory can be invited to another directory through Entra External Identities features.
Because each tenant is an independent resource, directories can be created and deleted as needed. This also means that each directory can have independent administrators and role assignments. Deleting an existing directory can affect resources outside the directory. For example, when deleting a directory where external users are present, those users will no longer be able to access any applications or resources that have been shared with them.
Finally, each directory can be synchronized independently as well. This means if you have two domains on-premises that need to be synchronized to two different Entra ID tenants, you have the flexibility you need when implementing hybrid identity with Entra.
IMPORTANT ENTRA ORGANIZATIONS AND AZURE SUBSCRIPTION
There is no parent-child relationship between Entra ID organizations and an Azure subscription. If your subscription is canceled or no longer valid, you can still access your Entra tenant using the Microsoft 365 admin center or PowerShell. Also, you can add another subscription to the existing organization later.
Managing directories can include deleting directories or even an entire Entra ID tenant. To delete a tenant, Global Administrator rights are required. When a directory is deleted, all the resources or objects within that directory are deleted as well.
There are several prerequisites that must be satisfied prior to deleting a directory:
An Azure subscription, which forms the core of an Azure environment, is a foundational component of every Azure implementation. Every resource that you create in Azure resides in an Azure subscription, which is a billing boundary for Azure resources with per-resource, role-based access controls.
As you build and deploy services in Azure, you will create many types of resources. For instance, when creating your first virtual machine, you will also deploy many other resources including
It is important to understand that many services in Azure create multiple resources, and how you manage those resources will be driven by organizational policy and the lifecycle of your infrastructure hosted in Azure.
This skill covers how to:
A resource in Azure is a single-service instance, which can be a virtual machine, a virtual network, a storage account, or any other Azure service (see Figure 1-29).
FIGURE 1-29 Azure resource
Resource groups are logical groupings of resources, that is, of those single-service instances (Figure 1-30).
FIGURE 1-30 Azure hierarchy
Each resource in Azure can only exist in one resource group, and resource groups cannot be renamed. There are no limitations to the types of resources that can be logically contained within a resource group, and there are no limitations on the regions in which resources must reside when in a resource group.
Figure 1-31 shows this hierarchy: an Azure subscription, multiple resource groups within it, and the resources that reside within those resource groups.
FIGURE 1-31 Azure hierarchy