7

Can managed identity be configured for accessing Azure resources across different Azure subscriptions?

Could you point me out in right direction, isn't Azure federation supposed to take care of this?

Seems not feasible based on my R & D as well. Do I seem to be overestimating this Azure AD feature.

Accounts in any organizational directory?

enter image description here

Abhijeet
  • 13,562
  • 26
  • 94
  • 175

1 Answers1

4

Based on your and my comment:

  • Comment Question: is those subscriptions on same Azure AD tenants?
  • Comment Answer: No. Thinks of all together different Business Org. Different subscription

My Answer to your question is:

Managed identities exist in the Azure AD tenant as service principals. It is therefore can only be assigned access to any subscription connected to that Azure AD tenant.

So in short, if the subscriptions are connected to different Azure AD tenants, it wont be possible to achieve what you are asking about as far as I know.

EDIT In addition to your comment

Comment: Can managed identity be used if all tenants were in same subscription?

My answer is: Each subscription can only belong to one tenant. please check Microsoft doc https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide

Note: if this is feasible by one or other way and there are answer that can show the opposite of my experience and knowledge, I will be glad to know that as well.

Maytham Fahmi
  • 31,138
  • 14
  • 118
  • 137