Hi Azure Folks!
AAD users from the main subscription can't log in to the application after failing over the VMs to another region (via ASR).
I'm working on a DR solution for an in-house developed application (consisting of a web server and a DB server in Azure VMs) to replicate across two regions. I've provisioned all resources in a separate Azure subscription (resource groups, VMs, network interfaces, etc.); however, when failed over to DR via ASR, the application doesn't authenticate users from the main tenant (AAD users).
What's configured:
1. New isolated subscription containing the following resources
2. Shared services resource group
3. Dedicated resource group containing replica VMs and PaaS resources.
4. Virtual Network for shared resources, DCs, jump hosts.
5. Isolated subnet containing replica domain controllers and shared services.
6. Isolated subnet for Azure Bastion hosts.
7. Isolated subnet to host replica VMs and resources.
8. A dedicated host used to access the isolated DR instance.
My question is: as the DR resources are hosted in a totally separate/isolated subscription, would we need to consider other areas (i.e. app registration or integration between the two subscriptions) in addition to the above list of items configured (to facilitate authentication for all AAD users in the main subscription)? Am I missing something here?
Thanks, and I appreciate any ideas!
Cheers
Manoj