Reputation: 3586
I have a structural question on the Azure portal. When I create a new Azure Active Directory B2C Tenant, it forces the creation of a new directory, with new org name, paired to the subscription ID from the directory where I created the tenant. This feels incredibly disjointed to me since my Active Directory is in my parent directory. So my questions are
Main Directory w/ subscription
-> B2C Tenant 1 (dev)
-> B2C Tenant 2 (staging)
-> B2C Tenant 3 (prod)
If so, does that mean that I should create all resources for the environment in the B2C Tenant directory?
Reading the documentation, everything seems to show either creating a new Tenant, which creates a new directory, or "Linking" an existing Tenant. The issue with that is when you create a tenant, you MUST specify a subscription, and to "Link" a Tenant, it can not have a subscription. And since you can't remove a subscription from a Tenant, how is this option even possible?
Any help or guidance on these points would be greatly appreciated. I've spent days reading documentation and trying to get this set up along the lines of option 2 since that's the model that exists in a client account I need to replicate, but nothing has worked.
EDIT
I see that I can click on the B2C Tenant from my main Azure Active Directory account and see its subscription status as
"An Azure subscription is required to continue receiving SLA support for External Identities"
but when I click that it takes me to the Azure AD B2C directory and I'm confronted with this image
[![enter image description here][1]][1]
but when I look at the resource in the main Azure AD directory, I see I can move subscriptions but there is **already a subscription assigned** so what does it want me to do?
[![enter image description here][2]][2]
It seems like the answer is "An Azure AD B2C directory is ONLY meant to manage the B2C tenant, and nothing else" but the only person to reply to this so far is saying that you should create all your resources in the B2C tenant directory, not the Azure Active Directory Account which has the resource group referencing the created B2C tenant.
[1]: https://i.sstatic.net/g3dMY.png
[2]: https://i.sstatic.net/72sH7.png
Upvotes: 0
Views: 1125
Reputation: 5159
• When you create an Azure B2C tenant in your existing subscription, a new Azure AD directory with the name of the given Azure AD B2C tenant is created and related to it; a separate Azure AD B2C tenant/directory is also created. That is, by the name of the Azure AD B2C tenant, a normal Azure AD B2C directory is available, as well as an Azure AD B2C directory/tenant.
• Thus, when you create an Azure AD B2C tenant, it will be shown under the resource group in which it is assigned. Also, if you want to create a new resource in this new Azure AD B2C tenant, then you will need to link it with an existing subscription or add a new subscription to it, as it functions as a full-fledged separate tenant with an existing Azure AD default directory to take care of the Identity and Access Management requirements.
If so, does that mean that I should create all resources for the environment in the B2C Tenant directory?
Yes, you can separate your 'dev, staging and prod' B2C tenants for your convenience and create resources in them for your management purposes, but you will have to link every B2C tenant with an active subscription plan so that the billing costs of the resources deployed in it are taken care of.
Can I make multiple Azure Active Directory B2C tenants in my main account, and just separate them into different resource groups for dev, staging, and prod?
Yes, you can as per the above given explanation.
Thus, for creating a new B2C tenant, you need to have an existing subscription of Azure and an existing Azure AD tenant, through which you can surely create an Azure AD B2C tenant; further, if you want to deploy Azure resources in it, then you can add a subscription or link an existing one.
Please find the below snapshots for your reference: -
Upvotes: 0
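The structure the answer describes (one B2C tenant per environment, each represented by a `Microsoft.AzureActiveDirectory/b2cDirectories` resource in its own resource group of the main subscription) can be expressed as infrastructure-as-code. The following Bicep file is an added example and is not code from the question, the answer or Microsoft; the tenant prefix, display name, tier and data-residency values are assumptions. Deploying it into a resource group creates the B2C directory itself plus the billing link resource the asker sees in the main directory; it does not place a subscription inside the new B2C tenant.

```bicep
// Added example: creates the billing-link resource for one B2C environment.
// Deploy once per environment (dev, staging, prod) into its own resource
// group of the main subscription; each deployment creates a separate tenant.

@allowed([ 'dev', 'staging', 'prod' ])
param env string

// Assumed organisation prefix. The tenant name must end in .onmicrosoft.com
// and must be globally unique across Azure.
param orgPrefix string = 'contosoid'

// Data-residency location for the B2C directory, NOT an Azure region.
// Documented values include 'United States', 'Europe', 'Asia Pacific',
// 'Australia'. countryCode below must be a country within that location.
param dataLocation string = 'United States'
param countryCode string = 'US'

resource b2cTenant 'Microsoft.AzureActiveDirectory/b2cDirectories@2021-04-01' = {
  name: '${orgPrefix}${env}.onmicrosoft.com'
  location: dataLocation
  sku: {
    name: 'PremiumP1'   // B2C billing tier; 'PremiumP2' adds Identity Protection features
    tier: 'A0'
  }
  properties: {
    createTenantProperties: {
      displayName: 'Contoso Identity (${env})'   // assumed display name
      countryCode: countryCode
    }
  }
}

// tenantId is the id of the NEW B2C directory, not of the directory that
// owns this resource group. It is the value to pass to az login --tenant
// when you need to administer the B2C tenant itself.
output b2cTenantId string = b2cTenant.properties.tenantId
```

Deploy it per environment from the main directory, for example `az group create -n rg-b2c-dev -l westeurope` followed by `az deployment group create -g rg-b2c-dev -f b2c.bicep -p env=dev`, and repeat with `staging` and `prod` into their own resource groups. Afterwards, `az login --tenant <b2cTenantId> --allow-no-subscriptions` signs you into the new B2C directory; `az account list` will show no subscriptions there until one is associated with it, which is the state the asker observes in the portal. Because each B2C directory is a separate tenant with its own administrators, treat the per-environment split as an identity boundary as well as a billing one, and keep Global Administrator assignments in the prod B2C tenant separate from the dev one.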