Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V



Create a new Azure AD directory in the same tenant

In your Azure/Office 365 tenant you may have several separate directories. You may also have custom domains, but each one will initially belong to a specific Azure AD directory.

An Azure AD directory is identified by the *

Here is how you create multiple Azure AD directories in the same tenant:

  1. Navigate to the Azure AD blade
  2. Click Create new directory
  3. Fill in the information and select the correct country
  4. Click Create and wait a bit
  5. Then click to manage your new directory
  6. Add custom domains if you need them, or just sync your new domain with DirSync

You may now add users, set up a separate domain sync, or even add custom domains.

This user catalog is separate, and users need to be invited or added. Only one user will be present, and that is the admin user that you were logged on with.

Hide Azure Active Directory from users

If any user in your organization decides to use Microsoft Azure, he/she can by default log in at and view the entire AAD catalog with object details. Within their own subscription the user can add a credit card and spin up resources. The user can also invite users from the corporate catalog. Resources will be billed directly to the user’s credit card unless a subscription from the corporate enrollment has been granted.

In order to hide the Azure AD catalog for your organization you may do the following:

You have now hidden your Azure Active Directory from all non-admin users when they access the AAD blade in the Azure portal.

Next you may want to review the guest invitation permissions so users cannot invite external users into your organization.

Review the settings here. Don’t be too strict.

Shared devices (Roaming Profiles) with Microsoft Intune

When you have more users than devices, or users share devices, and you only have Azure Active Directory, the ability to switch users works a bit differently.

The first user that you enroll with will be an Administrator; all subsequent users will be Standard users.

Microsoft Intune will block any user from enrolling a multitude of devices. The limit is set in Azure Active Directory at 20 devices. You can change this.

To do this, keep in mind that you need to be an Administrator:

Navigate to:


Click Configure

Select the number of devices you want the users to enroll



That is it. This user can now enroll 1000 devices on this domain.
