what is Tenant?
Tenant represents organization/company.
Tenant means company Azure account. All azure resources will be created in tenant.
Tenant has one or more subscriptions.
what is subscription?
Subscription is required for billing. Subscription contain resource-group , resource group contain resources vms/firewall/vnet etc. So if any VM is ON it will be billed to the associated resource group/subscription.
So subscription is bill of consumed azure resources by tenant(organization) in azure.
DIRECTORY SERVICE
Each tenant has directory service so that only authenticated users can have access to resources (vms/firewall/vnet ) under subscription.
In other words,
VM(resource) is created
that VM will be part of resource group ,
resource group will belong to subscription
and subscription belong to Tenant(organization).
So if organization user need to access resources present under subscription then firstly he/she needs to be authenticated in Tenant.
Another tenant(company) employee can also access our tenant(company) resources if he/she has been granted permission to access our tenant.
Firstly check if user/employee part of Tenant(organization).
Active Directory will check this.
Tenant contains Directory service for this purpose.
if yes he/she can access Tenant > subscription > resource group > resource (VM).
This Directory Service is tagged/configured under Subscription.
Each subscription can only be tagged with one directory service.
Travel first die next 