In Azure, multiple subscriptions can trust the same Azure Active Directory, but each subscription trusts only one directory.
If you create a new Azure subscription, a new Azure Active Directory is automatically created and associated with your subscription. To grant a user access to a resource, you can use Role-Based Access Control (RBAC), provided that the user is part of the associated Azure Active Directory. You can also add existing users from another Azure Active Directory as guests, but I would still recommend linking your subscriptions to the same directory for the following three reasons:
- If you use a different directory for your subscription, you won’t be able to move resources between your subscriptions:
The source and destination subscriptions must exist within the same Azure Active Directory tenant.
- You can easily jump to your resources in the “All resources” blade by using the “Filter by Name” search field, and you don’t have to remember which resource belongs to which subscription.
- If your user is a guest in many directories, your tenant list will grow and switching directories will become a mess.
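
The same-tenant requirement from the first point can be checked before a move is attempted. The following is an added example, not part of the original post: it assumes the Azure CLI (`az`) is installed and signed in, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Pre-flight check before moving resources between two subscriptions:
# both must be associated with the same Azure Active Directory tenant.
# Function names are illustrative (hypothetical), not part of the Azure CLI.

# Print the ID of the tenant (directory) a subscription trusts.
tenant_of() {
  az account show --subscription "$1" --query tenantId --output tsv
}

# Return 0 when both subscriptions trust the same directory,
# 1 when they trust different directories, 2 when a lookup failed.
can_move_between() {
  local src_tenant dst_tenant
  src_tenant=$(tenant_of "$1") || return 2
  dst_tenant=$(tenant_of "$2") || return 2
  [ -n "$src_tenant" ] && [ -n "$dst_tenant" ] || return 2
  if [ "$src_tenant" = "$dst_tenant" ]; then
    echo "OK: both subscriptions are in tenant $src_tenant"
    return 0
  fi
  echo "BLOCKED: $1 is in tenant $src_tenant, $2 is in tenant $dst_tenant" >&2
  return 1
}

# List every subscription the signed-in account can see, sorted by tenant,
# to spot subscriptions that are linked to a different directory.
subscriptions_by_tenant() {
  az account list --all \
    --query "sort_by([], &tenantId)[].[tenantId, name, id]" --output tsv
}

# When run as a script with two arguments, perform the check directly:
#   ./check-move.sh <source-subscription> <destination-subscription>
if [ "$#" -eq 2 ]; then
  can_move_between "$1" "$2"
fi
```

A non-zero exit status means the move should not be attempted until both subscriptions are linked to the same directory.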