*
en | de
back to Homeshow in News Center
Guide to Switch Off & Create New Tenants Effectively
Image Source: Shutterstock.com
Microsoft 365 Admin Center
Oct 20, 2022 8:02 AM

Guide to Switch Off & Create New Tenants Effectively

by HubSite 365 about Microsoft

Software Development Redmond, Washington

Pro UserMicrosoft 365 Admin CenterM365 Hot News

Microsoft Experts Guide on Switching Off and Creating New Azure AD Tenants

A Comprehensive Guide: Controlling and Creating New Tenants

Back in November 2022, Microsoft introduced an Azure AD setting "Users can create Azure AD tenants". Albeit this setting is not new, it has unexpected implications in terms of security. Initially, as part of the Azure portal, every user could create an Azure AD tenant. However, administrators were helpless to prevent it, which has changed now.

Thanks to the new setting, administrators have improved control and they can decide which tenant accounts user can create and which they can't. The tenant created by the user is not in any way connected to the corporate one. This was also confirmed by Jef Kazimer, a Principal Product Manager at Microsoft. By using Audit logs, admins are now able to review tenant creation activity by users.

Multiple procedures exist for a user to make an Azure AD tenant. One of them leads to the Azure AD tenant creation via Google search. When generating an Azure AD, the user has to put in information such as the organization name, initial domain name, and region/country.

It takes a few minutes for the new Azure AD tenant to be fully operational. It can be swapped between the user's corporate and the newly created one. The user is a global administrator of his own tenant. It should be noted that the user, although as a member of the tenant, is not able to reset/change his password within his own tenant.

In the Microsoft 365 Admin Center Audit Logs, the admin can see the company creation activity in the Audit Logs. Unfortunately, the admin does not have information about the tenant created by the user. If the Azure AD tenant creation is disabled by the admin, the user can't create new tenants and will receive a 403 error message.

The article also touches on the deletion of user accounts in the corporate tenant and how it impacts the tenant. As the user employed corporate identity to access the tenant, if the said account gets deleted, access to the tenant is also lost. It is thus recommended to turn off this setting.

The detailed information on how to disable Azure AD tenant creation via web portal, PowerShell, and Microsoft Graph API is provided. This feature permits admins to control tenant making by their users and to restrict it to a few ones.

More On Azure AD Tenant

Overall, Azure AD Tenant's creation is an immensely vital feature providing a platform for creating multiple resources such as users, groups, and apps, and to manage access to these resources.

The new improvements by Microsoft have given the administrators the needed leeway to exercise control over the creation activity. Microsoft is constantly working to eliminate any potential security threats, and by offering customizable settings, it has taken a step in the right direction.

Going forward, tenant admins can limit their users' ability to fabricate new spaces, which harmonizes expectations of security and freedom. Importantly, these activities can be monitored using Audit logs, adding another layer of supervision.

With Microsoft's incessant efforts to improve and refine their products, users can look forward to a more sophisticated and secure administrative environment.

Read the full article How to Switch Off & Create New Tenants: A Comprehensive Guide

Microsoft 365 Admin Center - Guide to Switch Off & Create New Tenants Effectively

Learn about How to Switch Off & Create New Tenants: A Comprehensive Guide

In our digital world today, the ability to control and manage access to digital resources is crucial. The topic to be explored today is switching off and creating new tenants on Microsoft 365, with a focus on the Microsoft 365 Admin Center. This is a significant aspect of the platform's Azure Active Directory (Azure AD), and its management is essential to maintaining safe, efficient, and effective digital workspaces.

Azure AD is a core component of Microsoft 365, providing the directory service. It allows users within an organization to sign in and access various services. A tenant represents an organization in Azure AD. A comprehensive guide on how to switch off and create new Azure AD tenants was introduced around November 2022.

Previously, any user could create an Azure AD tenant with their corporate account from the inception of the Azure portal. There was no setting for admins to prevent this, which was quite problematic. However, with the November 2022 update, administrators gained control over user's ability to create Azure AD tenants, thereby improving security.

Once a new setting is in place, the user-created tenant is independent of the corporate tenant. In other words, the newly created tenant is not associated in any way with the corporate tenant.

Notably, the user is a member of their created tenant but with an External Azure AD identity. This means that the user holds global admin rights to their own tenant. However, the user cannot reset or change their password within their own tenant for their account.

In the organizational tenant, admins can see the action in the Audit Logs under 'Activity Type Create Company'. But they don't receive any information about this tenant and cannot switch to the newly-created tenant. When the Azure AD tenant creation is disabled, users can't create any new Azure AD tenants, and a 403 error code appears.

The admins have three different methods to disable Azure AD tenant creation - via web portal, PowerShell, or Microsoft Graph API. The capability is limited only to those users with Global administrator or Tenant Creator Role.

  • Portal Method: Sign in to the Azure management portal and navigate to the path where you can manage settings related to user tenants creation.
  • PowerShell: It requires Policy.ReadWrite.Authorization permission. You need to install the latest version of the Microsoft Graph PowerShell module, and connect to Microsoft Graph with the required scope.
  • Microsoft Graph API: Send a PATCH request to a specific endpoint with the required policy settings in the request body.

This ability to restrict users' creation of new Azure AD tenants improves security by ensuring control over tenant creation. A central authority can allow specific users to create tenants by assigning them the 'Tenant Creator' role. You can access such settings via Microsoft 365's management portal.

In summary, effective management of Azure AD tenants via Microsoft 365's Administration Centre is crucial for securing digital workspaces. This guide provided an walk-through for admins seeking to maintain control over the creation of Azure AD tenants within their organizations.

More links on about How to Switch Off & Create New Tenants: A Comprehensive Guide

How to turn off your Android phone
May 26, 2023 — Most Android phones can be switched off by pressing and holding the power button or side key. If this doesn't work on your device, try holding ...

Keywords

Switch Off Tenants, Create New Tenants, Comprehensive Tenant Guide, Tenant Switching Guide, Tenant Transition Guide, New Tenant Creation, Tenant Change Process, Comprehensive Guide Tenants, Switching Off Tenants Tutorial, How to Switch and Create Tenants.

back to Homeshow in News Center
© NetForce 365 GmbHv1.8.6
Privacy Policy
Imprint
Contact us
Become a publisher
Advertise with us
FacebookInstagramXLinkedIn
NetForce 365 GmbH
Bobinethöfe 54
54294 Trier
+49 651 49364480
info@netforce365.com
HubSite 365 Apps