Recently I opened a new Azure subscription with my Microsoft Account. Since every Azure subscription needs to have an Azure Active Directory (AAD) for the subscription management in the background, Microsoft assigns a new or an existing AAD to that subscription.
In the Azure management portal you can see the default directory for an Azure subscription in the “Settings” / Subscriptions in the “Directory” column. The following screenshot shows an example.
Here are two Azure subscriptions (Azure and AzureS) managed by one AAD (mvpdemo2014.onmicrosoft.com – which is a more than one year old, no longer active Office 365 demo 30-days-trial).
Why would you want to change the default AAD?
So far so good. What if the assigned AAD for an Azure subscription is not the one you want to use?
For example in an organization you maybe want to use your (federated or Office365) AAD?
The second problem – in my case – was that I could not add other Co-Admins to the specific Azure subscription. The portal always delivered an error: “The account 'email@example.com' could not be made a co-administrator due to a directory error.” Troublesome…
I found out that the underlying AAD (mvpdemo2014.onmicrosoft.com) seemed to be the problem because in other Azure subscriptions adding Co-Admins worked. So I had no idea what caused the problem in the AAD and I could not fix it myself in the AAD. The following steps were the solutions for that issue.
How to change the default AAD
The Azure portal shows the default directory of Azure subscriptions on the “settings” / “subscriptions” as mentioned above.
The way is very simple: Select the Azure subscription and click “Edit directory” in the menu below.
Now choose the new desired AAD from the Directory dropdown.
(You can also create a new AAD in the Azure portal before performing this step if you like…)
In my sample I selected my default directory I am using in another Azure subscription.
The next steps informs if existing Co-Admins are affected - or not. Take care that you are global admin of the new AAD, otherwise you could loose the permission to manage the Azure subscription.
After confirming the portal must reload: Ok.
After the reload don’t worry, if the Azure subscription is gone now… (as in the background of the following screenshot). You need to switch to the “new” AAD in the subscriptions menu.
In my case I selected my “Default” Active Directory where I now can see and manage the “AzureS” subscription.
That’s it. The Azure subscription is now managed by the “new” AAD.
Add new Co-Admins
Now add new Co-Admins to that Azure subscription. You can add new users or use existing users (as I did because other users already had permissions to other Azure subscriptions) and select the subscription permissions. With “edit” this looks like here.
The result: Voila, it worked!
(No more error “The account 'firstname.lastname@example.org' could not be made a co-administrator due to a directory error.”… the “new” AAD fixed that problem.)
So this is how to change an Azure subscription management to another AAD. Hope it helps!