Our business is currently looking to expand on providing solutions to customers. For example, there are multiple business units that might look to sell a service like power monitoring or energy utilization that is fed from IoT devices or energy resources on the customer site. The goal is to leverage Azure. We would plan on separating these environments into subscriptions with a shared service hub. The question is, would it be better to separate our customer environments from our internal Microsoft tenant?
IT Manager, 7 months ago
Yes, I think it is better for you to separate your customer environments from your internal Microsoft tenant. Not only is it easier to manage, you also need to ensure that your customer workloads and data are isolated from internal corporate IT resources to reduce security risks and minimize cross-tenant dependencies.
Moreover, customers may want some ownership over their data and workloads; an isolated tenant provides clearer boundaries.
no title, 6 months ago
Thanks for the reply Jacqueline!
Technical isolation can be achieved either by using a separate Azure AD tenant or by leveraging multiple subscriptions within a single tenant. The choice largely depends on how you plan to govern these environments.
Using a single tenant offers cost benefits, as commitments for compute, storage, and AI/ML services can be aggregated across subscriptions, optimizing resource utilization and reducing costs including service monitoring.
On the other hand, separating environments into multiple tenants provides advantages in regulatory compliance, allowing organizations to define in-scope or excluded tenants based on specific compliance or business requirements.
In this scenario, I would recommend separating internal and customer environments into different tenants.
A dedicated Azure AD tenant enhances security by preventing accidental cross-access and privilege escalation between internal users and customer data. Additionally, many industries require strict data sovereignty and compliance isolation (e.g., GDPR, HIPAA), which is more effectively managed with a separate tenant.
Note: If you choose to separate tenants, you’ll need a cross-tenant identity model to enable shared service access, such as Azure B2B or Entra ID.
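The note above about needing a cross-tenant identity model (B2B collaboration between the internal and customer tenants) is the point where the separated-tenant design is most often weakened in practice: the default cross-tenant access settings of a fresh tenant allow inbound collaboration from any tenant. The following is an added example, not code from this thread or from Microsoft, that audits a policy document for exactly that. The two sample policies are constructed; their shape follows the Microsoft Graph cross-tenant access policy (`default` settings plus per-`partners` entries with `b2bCollaborationInbound` and `inboundTrust`) as I understand it, and the tenant, group and application ids are placeholders.

```python
"""Audit cross-tenant access settings for a two-tenant (internal + customer) design.

Added example, not from the original thread. The policy dictionaries mirror
the Graph crossTenantAccessPolicy shape (assumption); ids are placeholders.
"""

# Placeholder for the id of the *other* tenant in the pair, e.g. the internal
# tenant when this policy belongs to the customer-facing tenant.
PARTNER_TENANT_ID = "<partner-tenant-id-placeholder>"

# Constructed sample: untouched defaults. Any tenant's users may be invited
# into any application, and MFA done in their home tenant is not trusted.
WEAK_POLICY = {
    "default": {
        "b2bCollaborationInbound": {
            "usersAndGroups": {"accessType": "allowed",
                               "targets": [{"target": "AllUsers", "targetType": "user"}]},
            "applications": {"accessType": "allowed",
                             "targets": [{"target": "AllApplications", "targetType": "application"}]},
        },
        "inboundTrust": {"isMfaAccepted": False, "isCompliantDeviceAccepted": False},
    },
    "partners": [],
}

# Constructed sample: default inbound blocked; one named partner tenant is
# allowed for a single group and a single application, with MFA and device
# compliance claims from that partner trusted.
HARDENED_POLICY = {
    "default": {
        "b2bCollaborationInbound": {
            "usersAndGroups": {"accessType": "blocked",
                               "targets": [{"target": "AllUsers", "targetType": "user"}]},
            "applications": {"accessType": "blocked",
                             "targets": [{"target": "AllApplications", "targetType": "application"}]},
        },
        "inboundTrust": {"isMfaAccepted": False, "isCompliantDeviceAccepted": False},
    },
    "partners": [
        {
            "tenantId": PARTNER_TENANT_ID,
            "b2bCollaborationInbound": {
                "usersAndGroups": {"accessType": "allowed",
                                   "targets": [{"target": "<shared-services-group-id-placeholder>",
                                                "targetType": "group"}]},
                "applications": {"accessType": "allowed",
                                 "targets": [{"target": "<monitoring-app-id-placeholder>",
                                              "targetType": "application"}]},
            },
            "inboundTrust": {"isMfaAccepted": True, "isCompliantDeviceAccepted": True},
        }
    ],
}


def _is_wide_open(inbound):
    """True when an inbound rule allows every user or every application."""
    users = inbound.get("usersAndGroups", {})
    apps = inbound.get("applications", {})
    all_users = users.get("accessType") == "allowed" and any(
        t.get("target") == "AllUsers" for t in users.get("targets", []))
    all_apps = apps.get("accessType") == "allowed" and any(
        t.get("target") == "AllApplications" for t in apps.get("targets", []))
    return all_users or all_apps


def audit_cross_tenant_policy(policy, expected_partner):
    """Return a list of findings; an empty list means the policy matches the design."""
    findings = []
    if _is_wide_open(policy["default"]["b2bCollaborationInbound"]):
        findings.append("default: inbound B2B collaboration allowed for all users/apps from any tenant")

    partners = {p["tenantId"]: p for p in policy.get("partners", [])}
    for tenant_id in partners:
        if tenant_id != expected_partner:
            findings.append(f"partner {tenant_id}: unexpected partner entry")

    partner = partners.get(expected_partner)
    if partner is None:
        findings.append(f"partner {expected_partner}: no partner-specific policy, access falls through to default")
        return findings
    if _is_wide_open(partner["b2bCollaborationInbound"]):
        findings.append(f"partner {expected_partner}: inbound allows all users or all applications; scope to a group and named apps")
    trust = partner.get("inboundTrust", {})
    if not trust.get("isMfaAccepted"):
        findings.append(f"partner {expected_partner}: MFA satisfied in the home tenant is not trusted here")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_cross_tenant_policy(policy, PARTNER_TENANT_ID) or ["ok"])
```

Run against a real tenant, the input would be the default and partner objects read from the cross-tenant access policy (for example via Microsoft Graph), and the audit is worth repeating whenever a new partner tenant is onboarded, since every partner entry is a hole in the boundary the thread recommends.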