Azure Subscription, Resource Groups, Management Groups and how they are linked to Azure AD Tenant and some common FAQs

What is an Azure Subscription

An Azure subscription lets you create, deploy and run Azure cloud services (virtual machines, containers, Azure SQL, etc.) from the Azure portal. If you don’t have an Azure subscription, you can’t use any of the Azure services. All the Azure services you deploy are billed against your subscription. Some Azure subscriptions also come with a monthly spending limit, which means that if you reach that limit, all of your Azure services will shut down and will be inaccessible until you make a payment or the monthly billing cycle is over (some subscriptions, like the MSDN subscription, give you up to 150 USD of monthly Azure credit). So choosing the right Azure subscription is important for running production workloads. There are many subscriptions to choose from, and in this blog post I will discuss some important facts about the different Azure subscriptions.

Every Azure Subscription Requires an Azure AD (Active Directory)

Azure Active Directory underpins the authentication for all of Microsoft’s cloud services (Azure, Office365, Intune, etc.). If you are using any other Microsoft cloud service, such as Office365, you are already using Azure AD, and it’s advisable to use the same Azure AD to access your Azure subscription as well. Having a single Azure AD across all of Microsoft’s cloud services gives you the ease of using a single set of credentials to access them all.

Azure Subscriptions Types 

There are different types of Azure subscriptions available. It’s difficult to mention all of them, so I am highlighting the most commonly used ones. For a detailed list of subscriptions and Azure offers, please have a look here

Subscriptions with no spending limit – These subscriptions don’t have any spending limit and are also good for running production workloads.

  • Pay-as-you-Go – In this subscription type, you sign up for Azure with your credit card and pay for Azure services using that card. All the services are billed at the Azure retail price. You can see the retail pricing here
  • Cloud Solution Provider (CSP) – This is actually a better option for running production workloads. With a CSP subscription, a Microsoft CSP partner creates the Azure subscription for you and sends you a monthly invoice for the services you have consumed, pretty much like postpaid billing. Your CSP partner can also offer you some % of discount and provide additional services based on your usage. For more information, please have a look here
  • Enterprise Agreement (EA) – Any Enterprise Agreement customer can add Azure to their agreement by making an upfront monetary commitment to Azure. This is mostly a choice for enterprises, as they get the maximum discount for using Azure services. An EA subscription is billed annually. For more information, please have a look here

Subscriptions with a spending limit – Some subscriptions come with a monthly spending limit, and you can’t use your services once the monthly limit is reached. Some of these subscriptions are:

  • Visual Studio – With Visual Studio Enterprise you get $150 worth of Azure credits every month. These credits can be used against any Azure services. Once the credits are exhausted, all the running Azure services will shut down and won’t be accessible until the monthly cycle is over.
  • Azure Pass – This is ideally a free Azure subscription, given by Microsoft when you attend some Microsoft training or Azure boot camps. These subscriptions come with a fixed value and don
  • Free Trial – The Azure free trial provides you with $200 worth of Azure credits to run and try out Azure services. You can also convert a free trial to Pay-As-You-Go to continue using Azure services.

How do you know which subscription you have?

It may happen that you get access to an Azure subscription but aren’t sure which type of subscription it is. You can always look at the subscription by logging on to the Azure portal and navigating to All Services > Subscriptions. As of now, both EA and CSP subscriptions clearly show their type (EA or CSP); however, you won’t see this detail for other subscription types.

To find out more about a subscription and what restrictions it has, click on the subscription and a new page will open showing more details about it:

The following actions and information are available here:

  1. Rename your subscription – You can change the name of the subscription. This doesn’t impact any deployed resources; it’s just a name change. However, you can’t change the subscription ID.
  2. Change Directory – If you want to associate your subscription with another Azure AD, you can do that by selecting from the list of Azure ADs accessible to your logged-in account (remember, Azure AD is a separate service).
  3. Offer ID – The Offer ID can help you determine the type of subscription you have and what kind of restrictions it may have. You can have a look at all the Offer IDs given by Microsoft by clicking here
  4. Status – If your subscription is showing as disabled, mostly in the case of MSDN where we have a monthly limit, it means you currently can’t use your subscription to deploy new resources or access existing ones.

Let me also answer very common questions which people have –

  • What is a Subscription 

A subscription is a type of cloud service you purchase from Microsoft. For example, you may just want to use the Office365 service, so you purchase an Office365 subscription. If you later decide to purchase Intune and Azure as well, you now have Azure, Intune and Office365 subscriptions. Please also note that some of these subscriptions can be part of bundled licensing, for example:

  • Microsoft 365 Subscription provides you with Office365, EM&S and Windows 10 in a single licensing per user
  • Office365 Subscription provides you with Office 365 services (SharePoint Online, Exchange Online, Yammer, etc.)
  • EM&S Subscription provides you with Azure AD, Intune, AIP, ATP, Cloud App Security etc.

Licensing for all of the above subscriptions works on a per-user basis; however, the Azure cost is calculated based on the type of Azure service, its tier, quantity, storage and a lot of other factors.

  • How many Azure Subscriptions do I need

It depends. Azure subscriptions can be used as an isolation boundary between resources and business groups, so you may want to use multiple subscriptions for multiple business units for isolation, political and compliance purposes. A common example is Dev & Test managed in one Azure subscription and Production in another. You can give developers full access to manage their own subscription, while the Production subscription is managed by an IT team with full change management, an approval process for on-boarding and off-boarding, plus additional security. You may also want to have multiple Azure subscriptions if you are using Azure services at scale. Have a look at Azure Subscription limits – https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits

  • Do I get a separate Azure AD for each cloud service? 

This is up to you. Ideally you would use the same Azure AD across all the Microsoft cloud services to get a single username/password for accessing them. Technically you can have a separate Azure AD for each and every Microsoft cloud service (Office365, Intune, Azure, Dynamics365) if there is a need, but this will end up in multiple usernames/passwords for your users. It may be useful in some scenarios, but 99% of customers want a single set of credentials to access all the cloud services.

  • Can I Synchronize users from Windows AD to Azure AD to use single UN/Password for consistency

Yes, you can use Azure AD Connect to sync your identities to Azure AD. However, it’s not recommended to synchronize your Windows AD to multiple Azure ADs; it should be synchronized to just one Azure AD (this again shows why you should try to use a single Azure AD across all the Microsoft cloud services).

  • I am still not sure how to explain to my cloud service provider that I want a single Azure AD, and how do I even find it?
  • He is asking me what is your existing Azure Tenancy Name
  • He is asking What should be your new tenancy name

No worries, this is a common confusion. You can always find your existing Azure Active Directory tenancy name by looking at the following locations. If you don’t have any Azure AD tenancy, always use your company name for the Azure AD tenancy (the tenancy name is a unique name suffixed by .onmicrosoft.com; it can’t be renamed, and the only option to change it is a tenancy migration, which is a complicated process).

How to view the existing tenancy name:

For Office365 – http://admin.microsoft.com > Setup > Domains

For Intune or Microsoft Azure – https://aad.portal.azure.com > Azure Active Directory > Custom Domain Names

You can see I have the same Azure AD tenancy name in both Office365 and Azure. This confirms that I am using a single Azure AD for both Office365 and Azure. In this example techtalkcloud1 is my tenancy name. It’s unique, and no one else can use it now that I have claimed it. This name is always appended with .onmicrosoft.com, and this is how my tenancy is uniquely identified in Microsoft cloud services.

  • Can I use my own domain name rather than *.onmicrosoft.com?

Yes. In my example I am using techtalk.cloud, as I own this domain and have verified it. Now all my users can be created with my choice of name@techtalk.cloud (e.g. deepak@techtalk.cloud).

  • Can I connect multiple Azure subscriptions to a Single Azure AD?

Yes, ideally this is the preferred choice, but if required you can have a separate Azure AD for each Azure subscription.

  • Can a Single Azure subscription be part of multiple Azure Active Directories?

No. It will always be part of a single Azure Active Directory.
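The two answers above (several subscriptions can share one Azure AD, and each subscription belongs to exactly one) can be checked from the subscription list itself. This is an added example, not part of the original post: it groups subscriptions by directory and flags any that sit in an unexpected directory or are not enabled. It assumes input shaped like the JSON from `az account list --all -o json`; the sample data and the `EXPECTED_TENANT` value are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `az account list --all -o json`
# (only the fields used below; every name and GUID is made up).
SAMPLE = json.loads("""[
 {"name": "Prod", "id": "11111111-0000-0000-0000-000000000001",
  "tenantId": "AAAAAAAA-0000-0000-0000-000000000000", "state": "Enabled"},
 {"name": "DevTest", "id": "11111111-0000-0000-0000-000000000002",
  "tenantId": "aaaaaaaa-0000-0000-0000-000000000000", "state": "Enabled"},
 {"name": "MSDN-Sandbox", "id": "11111111-0000-0000-0000-000000000003",
  "tenantId": "aaaaaaaa-0000-0000-0000-000000000000", "state": "Disabled"},
 {"name": "Legacy-Acquired", "id": "11111111-0000-0000-0000-000000000004",
  "tenantId": "bbbbbbbb-0000-0000-0000-000000000000", "state": "Enabled"}
]""")

# Assumption: the directory (tenant ID) every subscription is expected to trust.
EXPECTED_TENANT = "aaaaaaaa-0000-0000-0000-000000000000"


def audit_subscriptions(subs, expected_tenant):
    """Group subscriptions by directory and list the ones needing review."""
    expected = expected_tenant.lower()
    by_tenant = defaultdict(list)
    findings = []
    for sub in subs:
        tenant = sub["tenantId"].lower()  # GUIDs compare case-insensitively
        by_tenant[tenant].append(sub["name"])
        if tenant != expected:
            # Access to this subscription is governed by a different Azure AD.
            findings.append((sub["name"], "other-directory"))
        if sub.get("state") != "Enabled":
            # e.g. a credit-limited subscription that hit its monthly cap.
            findings.append((sub["name"], "state:" + str(sub.get("state"))))
    return dict(by_tenant), findings


if __name__ == "__main__":
    tenants, findings = audit_subscriptions(SAMPLE, EXPECTED_TENANT)
    for tenant, names in tenants.items():
        print(tenant, "->", ", ".join(names))
    for name, reason in findings:
        print("REVIEW", name, reason)
```

A subscription reported as `other-directory` has its role assignments and sign-ins controlled by a different Azure AD than the rest, so it falls outside the single-credential model described above.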

  • What is an Azure Resource Group

Resource groups help you group and organize your resources in a container. You can then assign role-based permissions to a resource group to restrict who can access the resources within it. Resource groups don’t span multiple Azure subscriptions.

  • What is a Management Group

A management group lets you manage multiple Azure subscriptions and also helps you assign role-based access control and Azure policies across all of your Azure subscriptions (there is more info about management groups in my other blog).

  • How do I check if a tenancy name is available for my company? Or what should I do if it’s not available?

Have a look at https://o365.rocks/. If the name is available, tell your cloud service provider to use it. Sometimes people add prefixes or suffixes to distinguish their tenancy name; for example, I could have used techtalknz (New Zealand Name).

  • Do I really care about this tenancy name if this will be verified by my Domain Name?

Yes. Some services, like SharePoint Online, will always display the tenant name in their URL. I have seen customers use names like CoolDude (not literally) or their own name as a tenant name and later regret it, as it can’t be renamed. So choosing the right name is advisable.

Cheers!!

  • Gaurav Dharasania

    Hey Deepak, I regularly follow your blog. And this was the need of the hour for consultants like me to answer the FAQ by customers: why so many subscriptions and their actual differences. You made it a lot more simple for people like us. Thanks a lot buddy!

    • Deepak Maheshwari

      Thank you Gaurav!!

  • Jaikrit Negi

    Thanks for sharing, Deepak. This is a real simplified piece on Azure subscriptions. FAQs well explained.

    • Deepak Maheshwari

      Thank you Jaikrit