A tenant in Azure Stack Hub is an entity that can be an organization, a business, a department in a company, etc., that derives services from Azure Stack Hub. It is an identity domain that requires permission to access the resources. A tenant directory is associated with these entities, maintaining their Azure AD identities including users, apps, groups, and more.
When to Unregister a Tenant Directory?
Unregistering a tenant directory should be carried out when the services offered to that specific entity are no longer required, or when the entity is being moved to a different Azure Stack Hub. It is a crucial step in managing resources and ensuring the security of Azure Stack Hub.
Steps to Unregister a Tenant Directory
Below are the general steps to unregister a tenant directory:
- Sign in to Azure Stack Hub user portal using the service admin credentials.
- Navigate to the directory + subscription blade.
- Choose your subscription, navigate to ‘Resource Providers’, and click on ‘Unregister’.
- After you start the unregister operation, the status shows ‘Unregistering…’, and the entry disappears once the operation finishes.
Before unregistering, make sure that no registered applications, users, or user-owned resources remain in the directory.
Code Example
While the Azure Stack Hub portal provides an interactive way to manage your directories, you can also leverage the Azure Stack Hub PowerShell to achieve similar outcomes. For instance, the following code example demonstrates how you can unregister a resource provider from a tenant directory:
$TenantSubscription = Get-AzSubscription -SubscriptionId "<Sub-ID>"
Select-AzSubscription -Subscription $TenantSubscription.Id
$resourceProvider = Get-AzResourceProvider -ProviderNamespace Microsoft.AzureStack | Select-Object -First 1  # one object per resource type is returned; keep one
Unregister-AzResourceProvider -ProviderNamespace $resourceProvider.ProviderNamespace
Please replace ‘<Sub-ID>’ with your specific Subscription ID.
These lines of code will unregister the resource provider associated with the given tenant directory, thus accomplishing the objective of unregistering a tenant directory. Make sure to use appropriate error handling when managing directories and tenant relationships via script to account for potential issues.
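The same operation with the error handling this section calls for, as an added example that is not from the original page or from Microsoft: it stops on the first failed call, asks for confirmation before the destructive step, and polls until the provider leaves the 'Unregistering' state. The function name Unregister-TenantProvider, its parameters, and the 10-second poll interval are assumptions made for illustration.

```powershell
# Added example, not the page's own code. Unregister-TenantProvider and its
# parameters are hypothetical names; the Az cmdlets are the ones used above.
function Unregister-TenantProvider {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [string] $ProviderNamespace = 'Microsoft.AzureStack',
        [int] $TimeoutSeconds = 300
    )
    try {
        # -ErrorAction Stop turns non-terminating errors into exceptions for catch
        $sub = Get-AzSubscription -SubscriptionId $SubscriptionId -ErrorAction Stop
        Select-AzSubscription -Subscription $sub.Id -ErrorAction Stop | Out-Null

        # Get-AzResourceProvider can return one object per resource type; one is enough
        $before = Get-AzResourceProvider -ProviderNamespace $ProviderNamespace -ErrorAction Stop |
            Select-Object -First 1
        if ($before.RegistrationState -notin 'Registered', 'Registering') {
            Write-Verbose "$ProviderNamespace is already '$($before.RegistrationState)'"
            return $before.RegistrationState
        }

        # ConfirmImpact = 'High' makes this prompt unless -Confirm:$false is passed
        if (-not $PSCmdlet.ShouldProcess("$ProviderNamespace in subscription $($sub.Id)", 'Unregister')) {
            return $before.RegistrationState
        }
        Unregister-AzResourceProvider -ProviderNamespace $ProviderNamespace -ErrorAction Stop | Out-Null

        # Mirror the portal's 'Unregistering...' status: poll until it changes or we time out
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        do {
            Start-Sleep -Seconds 10
            $state = (Get-AzResourceProvider -ProviderNamespace $ProviderNamespace -ErrorAction Stop |
                Select-Object -First 1).RegistrationState
        } while ($state -eq 'Unregistering' -and (Get-Date) -lt $deadline)

        if ($state -notin 'Unregistered', 'NotRegistered') {
            throw "$ProviderNamespace is still '$state' after $TimeoutSeconds seconds"
        }
        return $state
    }
    catch {
        Write-Warning "Unregistering $ProviderNamespace failed: $($_.Exception.Message)"
        throw   # rethrow so a calling script or pipeline stops as well
    }
}
```

Run it with -WhatIf first to see which provider and subscription would be affected without changing anything.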
Conclusion
Unregistering a tenant directory is a critical part of maintaining the Azure Stack Hub. It’s also a key skill to possess when working towards the AZ-600 Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub exam. Whether you’re an Azure Stack operator, a service admin, or a tenant user, understanding your role and knowing how to manage identity, access, and resources are key to successful resource utilization on Azure Stack Hub.
Practice Test
True or False: When a tenant directory is unregistered, the accounts in the Azure Stack Hub user’s Azure AD will no longer have access to the resources in the Azure Stack Hub.
- Answer: True.
Explanation: Unregistering a tenant directory removes the connection between an Azure Stack Hub user and Azure AD. Thus, accounts from the removed Azure AD cannot access resources in Azure Stack Hub.
True or False: It’s not possible to unregister a home directory.
- Answer: True.
Explanation: The home directory is the directory where the Azure Stack Hub operator’s Azure AD account is located. You can’t unregister it because it’s vital for Azure Stack Hub’s operation.
Single Select: Which Azure Stack Hub resources can still be managed in Azure portal after unregistering a tenant directory?
- a. Multi-tenant services
- b. Network resources
- c. Storage resources
- d. None of the above.
Answer: d. None of the above.
Explanation: Once a tenant directory is unregistered, you lose access to Azure Stack Hub resources from the Azure portal.
Choose All that Apply: To unregister a tenant directory, the user needs to have:
- a. Operator privileges
- b. Access to Azure portal
- c. Azure Stack Hub User permissions
- d. Access to the physical Azure Stack Hub
Answer: a. Operator privileges, b. Access to Azure portal.
Explanation: To unregister a tenant directory, the user needs operator privileges and access to the Azure portal. Physical access to the Azure Stack Hub is not required for this operation.
True or False: A tenant directory can be unregistered without stopping or deleting any services.
- Answer: True.
Explanation: You can unregister a tenant directory without stopping services. However, it’s recommended to ensure that no services will be affected before performing this action.
Single Select: Which of the following is a Microsoft recommended step before unregistering a tenant directory?
- a. Backup all tenant data
- b. Deallocate all VMs
- c. Disable multi-factor authentication
- d. Enable guest access
Answer: a. Backup all tenant data
Explanation: Before unregistering a tenant directory, Microsoft recommends backing up all tenant data to prevent loss.
Multiple Select: What are the aftereffects of unregistering a tenant directory?
- a. Loss of Access
- b. Loss of Resource
- c. Discontinued Multi-tenant Services
- d. Loss of user roles
Answer: a. Loss of Access, c. Discontinued Multi-tenant Services, d. Loss of user roles.
Explanation: Once a tenant directory is unregistered, all the users and associated resources in the directory lose access to Azure Stack Hub. Multi-tenant services also stop functioning. User roles associated with the directory are also lost.
Single Select: Which type of directory can you not unregister from Azure Stack Hub?
- a. Azure AD Directory
- b. Home Directory
- c. Guest Directory
- d. Service Directory
Answer: b. Home Directory
Explanation: The home directory is where the Azure Stack Hub operator’s account is located. It cannot be unregistered.
True or False: By unregistering a tenant directory, users will lose the ability to log in to Azure Stack Hub.
- Answer: True
Explanation: When you unregister a tenant directory, it breaks the connection between Azure AD and Azure Stack Hub, preventing any users in that AD from logging in.
True or False: It is necessary to perform a backup before unregistering a tenant directory.
- Answer: False
Explanation: Performing a backup is recommended but not necessary. However, data loss can occur if backups aren’t taken, so it is considered good practice.
Interview Questions
What is the first step to unregister a tenant directory in Microsoft Azure Stack Hub?
The first step is to remove all the users in the tenant directory.
What happens if a subscription still exists for a user in the directory that you are trying to unregister?
You cannot unregister a tenant directory if a subscription still exists for a user in the directory. You have to delete the subscription first.
How can you verify if the tenant directory is successfully unregistered?
You can run the cmdlet ‘Get-AzsUserSubscription’ to verify if the tenant directory is successfully unregistered. If the cmdlet returns no subscriptions, it means the directory is unregistered.
Can you unregister a directory if there are still existing subscriptions within it?
No, before you can unregister a directory, you must first remove or transfer all subscriptions.
What should be the status of the directory before you can unregister it?
The directory should be in a “Disabled” status before you can unregister it.
Is it possible to unregister a directory using Azure Stack Hub portal interface?
No, you cannot unregister a directory using the Azure Stack Hub portal interface. You must use Azure Stack Hub PowerShell.
How should you connect to Azure Stack Hub to unregister a tenant directory?
You should connect to Azure Stack Hub with the service admin account to unregister a tenant directory.
What is the PowerShell cmdlet to unregister a tenant directory in Azure Stack Hub?
The PowerShell cmdlet to unregister a tenant directory is ‘Unregister-AzsGuestDirectoryTenant’.
What is the final step in unregistering a tenant directory after performing all the PowerShell commands?
The final step is to confirm the action, as unregistering a tenant directory is a destructive operation and cannot be undone.
What are the permissions required to unregister a tenant directory?
To unregister a tenant directory, you must be an Azure Stack Hub Cloud Operator or a System Global Administrator.
Can a tenant directory be re-registered after being unregistered?
Yes, a tenant directory can be re-registered after being unregistered.
Can you unregister a tenant directory if there are still existing resources within it in Azure Stack Hub?
No, all resources in the tenant directory need to be deleted before it can be unregistered.
Can you unregister a directory while it is still active?
No, to unregister a directory, it needs to be first disabled.
Which PowerShell version is suitable for unregistering a tenant directory in Azure Stack Hub?
The Azure Stack Hub compatible version of PowerShell, AzureRM version 2.4.0 and newer versions, is suitable for unregistering a tenant directory.
What are the implications of unregistering a tenant directory?
Unregistering a tenant directory removes all its users and associated subscriptions. The operation is destructive and cannot be undone.