Can you create resources inside an Azure AD B2C directory?
Hierarchy / Relationships
I'm rather confused about the relationship between Azure AD, subscriptions, resources and Azure AD B2C.
This is how I think it's tied together:
- An Azure AD directory (or organization?) can have many subscriptions
- Subscriptions can only be tied to a single directory
- Resources (inside resource groups) can only belong to a single subscription
- You can have up to 20 Azure AD B2C tenants/directories per subscription
This gives the following example hierarchy:
- Azure AD directory (contoso.com)
- Dev subscription
- Resource group X
- Azure AD B2C #1
- Azure AD B2C #2
- Resource group X
- Prod subscription
- Resource Group Y
- Azure AD B2C #3
- Azure AD B2C #4
- Resource Group Y
- Dev subscription
Do correct me if I'm wrong, please!
The really confusing part
In the Azure portal, I have a B2C tenant resource in my AD directory:
Also, from the menu in the top right corner, I can click 'Switch directory', and see both my AD directory and my B2C directory:
When I switch to the B2C directory, I get the same left menu that I have in my AD directory:
Ok.
So I have a menu option to create a resource, and I can also view resources inside this B2C directory!
Questions:
- Can you actually create resources inside a B2C directory? Seems to me that B2C is itself a resource, belonging to a specific subscription and a specific AD directory.
- If you can, when would you – if ever – do it?
I'm thinking this is simply a quirk of the Azure Portal. I don't see how you could create a resource inside a B2C directory using e.g. ARM / Bicep / Terraform.
You cannot create resources in B2C tenant. In general resources are created and belong to the subscription, not the tenant. You would have to have the subscription assigned to your B2C tenant but that is not possible.
Yes it is a resource, belonging to specific subscription (for billing purposes) and subscription is linked to AAD tenant
No, the main goal of B2C is to manage identities. If it would be ever possible it wouldn't work well. Much better idea is to create an additional subscription in your base tenant if you ever need to separate resources (for example for billing purposes).
- What is a difference between elastic computing and serverless computing?
- Access Sharepoint Online Files from .NET Worker Service via Microsoft Graph/OAuth - Unauthorized or Access Denied error (401)
- How do I fix SerializationNotSupportedParentType and ThrowNotSupportedException_ConstructorContainsNullParameterNames exception in System.Text.Json?
- Update VCore by database in power shell
- While scanning a simple key, could not find expected ':'. Syntax error in azure-pipeline.yaml
- I'm not able to call the Azure document intelligence api using the latest api version "2024-02-29-preview"
- AzureWebJobsStorage Managed Identity not working
- Get-RemoteDomain in powershell exchange online error : The term 'Get-RemoteDomain' is not recognized as the name of a cmdlet
- How can I Get Started Using Certificates to Authenticate my APIs Using Azure Key Vault?
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- How to set up a site-to-site connection between Azure VNet and an on-premises network with a single IP address for traffic selectors?
- Summarization of docx or pdf document
- Unable to use Azure Developer CLI (azd) in vsCode even after extensions installed
- How to configure backend application on Container Apps
- WebJob is stopping due to website shutting down
- Azure SQL trigger for Functions configuration problem
- Does azure blob storage support http2?
- Azure Pronunciation Assessment Could not deserialize speech context error
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Not able to delete Public IP address in azure
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- Azure Storage accounts container public access level has dissabled
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- Problem with Azure Email Communication Service Custom Domain
- How to refresh client assertion in ConfidentialClientApplication?
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- Invalid operands found for operator -eq
- nginx - php-fpm - azure container app returns truncated pages