I have many B2B and B2C Azure Active Directory instances. How do I assign one to KeyVault?


I used the following PowerShell commands to create an Azure Key Vault:

# https://learn.microsoft.com/en-us/azure/key-vault/key-vault-get-started

Login-AzureRmAccount -Environment (Get-AzureRmEnvironment -Name AzureCloud)
Set-AzureRmContext -SubscriptionId (Get-AzureRmSubscription -SubscriptionName "Visual Studio Enterprise").SubscriptionId

# Register-AzureRmResourceProvider -ProviderNamespace "Microsoft.KeyVault"   (if an error occurs in the subscription)
New-AzureRmResourceGroup -Name "VaVaultRG" -Location 'SouthCentralUS'

New-AzureRmKeyVault -VaultName "VaVault" -ResourceGroupName "VaVaultRG" -Location 'SouthCentralUS'

The instructions here tell me how to link a web application to KeyVault. This leverages (both? ... either??) Azure AD B2C / B2B

  • How can I associate my KeyVault with a specific directory?

There is 1 answer

juunas (accepted answer):

By default, a Key Vault is associated with the Azure AD tenant of the subscription it was created in. If you want to switch the Azure AD tenant, you can find guidelines here: https://learn.microsoft.com/en-us/azure/key-vault/key-vault-subscription-move-fix

The example PowerShell script there:

$vaultResourceId = (Get-AzureRmKeyVault -VaultName myvault).ResourceId
$vault = Get-AzureRmResource -ResourceId $vaultResourceId -ExpandProperties
$vault.Properties.TenantId = (Get-AzureRmContext).Tenant.TenantId
$vault.Properties.AccessPolicies = @()
Set-AzureRmResource -ResourceId $vaultResourceId -Properties $vault.Properties

Here the TenantId is switched to the one which is currently active. (Get-AzureRmContext).Tenant.TenantId returns the GUID for the tenant.
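As an added example (not the asker's or the answerer's code), the script above extended so that it targets a specific directory rather than whichever tenant happens to be active, and re-grants access afterwards, since clearing AccessPolicies leaves the vault unreadable by anyone. It assumes the AzureRM cmdlets shown on the page plus Set-AzureRmContext -TenantId and Set-AzureRmKeyVaultAccessPolicy, and that you are signed in as a user account rather than a service principal.

```powershell
# Added example: move a Key Vault to a chosen directory (B2B or B2C tenant)
# and restore least-privilege access in the new tenant. Not from the original post.
param(
    [Parameter(Mandatory)][string]$VaultName,
    [Parameter(Mandatory)][string]$ResourceGroupName,
    [Parameter(Mandatory)][string]$TargetTenantId   # GUID of the directory to attach
)

# 1. Make the target directory the active context. The page's script copies the
#    active tenant into the vault, so selecting the context is how a specific
#    directory is chosen. (Assumes Set-AzureRmContext accepts -TenantId.)
Set-AzureRmContext -TenantId $TargetTenantId | Out-Null
$activeTenant = (Get-AzureRmContext).Tenant.TenantId
if ($activeTenant -ne $TargetTenantId) {
    throw "Active tenant is $activeTenant, expected $TargetTenantId; sign in to the target directory first."
}

# 2. Record the current state so the change is auditable, and skip a no-op.
$vaultResourceId = (Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroupName).ResourceId
$vault = Get-AzureRmResource -ResourceId $vaultResourceId -ExpandProperties
Write-Host "Vault tenant before: $($vault.Properties.TenantId); access policies: $($vault.Properties.AccessPolicies.Count)"
if ($vault.Properties.TenantId -eq $TargetTenantId) {
    Write-Host "Vault already belongs to $TargetTenantId; nothing to do."
    return
}

# 3. Switch the tenant. Object IDs from the old directory mean nothing in the
#    new one, so the policy list must be emptied; until step 4 runs, nobody can
#    read or manage the vault's contents.
$vault.Properties.TenantId = $TargetTenantId
$vault.Properties.AccessPolicies = @()
Set-AzureRmResource -ResourceId $vaultResourceId -Properties $vault.Properties -Force | Out-Null

# 4. Re-grant only the signed-in user, with only the permissions actually needed
#    (widen the lists deliberately per application, not to 'all').
$me = (Get-AzureRmContext).Account.Id   # assumes a user sign-in, not a service principal
Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $ResourceGroupName `
    -UserPrincipalName $me -PermissionsToSecrets get,list

# 5. Verify the vault now reports the target tenant and a non-empty policy list.
$after = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroupName
if ($after.TenantId -ne $TargetTenantId) { throw "Tenant switch did not take effect." }
Write-Host "Vault tenant after: $($after.TenantId); access policies: $($after.AccessPolicies.Count)"
```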