How to provide admin consent in Azure AD programmatically and remove that last manual step in your automation
Azure Active Directory is not Active Directory! If you've been working with Azure for a while you likely already know this, but this topic is something I see over and over again with people who are getting started with Azure. Azure Active Directory is not a cloud version of Active Directory, and in fact, it bears minimal resemblance to its on-premises namesake at all. The question I see over and over again with people new to Azure, I even answered this question just this week, is “how do I join my servers to Azure AD?
The relationship between an Azure Subscription and Azure AD is not always obvious, but each subscription is tied to to an AAD tenant, this allows for authorization of users in that tenant to undertake operations on that subscription. Sometimes it is necessary to change the tenant a subscription sits under, usually this is either to change the scope of users that can be granted roles in that subscription, delegate permissions for that subscription, or for services like Azure AD Domain Services, which require the subscription to sit under the AAD tenant that contians the AAD DS instance.