Key insights
- Unmanaged Tenant: An unmanaged tenant in Microsoft Entra ID is a tenant without an assigned global administrator, created automatically when a user from an organization without a Microsoft Entra tenant signs up for services like Microsoft Fabric or Power BI.
- Challenges with Unmanaged Tenants: Operating with an unmanaged tenant can make it difficult to manage and configure services. It is advisable for organizations to transition to a managed tenant by assigning a global administrator.
- Transitioning to Managed Tenant: Transitioning involves assigning a global administrator to take control over the unmanaged tenant, ensuring proper management and security of the organization's Microsoft services.
- Creating a New Tenant: To create a new tenant, sign in to the Azure portal, navigate to Microsoft Entra ID, and follow the steps to set up your organization’s specific instance of Microsoft Cloud services.
- Global Administrator Role: The first user of a new tenant is automatically assigned as the Global Administrator. It's recommended that organizations have two emergency access accounts permanently assigned this role for critical situations.
- Managing Resources: After creating a new tenant, administrators can add domain names, users, and groups, and manage application access through Azure role-based access control (RBAC) and Conditional Access.
Understanding Unmanaged Tenants in Microsoft Entra ID
Microsoft Entra ID, previously known as Azure Active Directory, plays a crucial role in managing identities and access within an organization. An unmanaged tenant, often referred to as a "shadow tenant" or "self-service-created tenant," emerges when a user from an organization without an existing Microsoft Entra tenant signs up for Microsoft services like Fabric or Power BI. This type of tenant is automatically created to provide immediate access to the service with minimal configuration. However, it lacks the oversight of a global administrator, which can lead to challenges in managing, configuring, and supporting services effectively.
Operating with an unmanaged tenant can be a temporary solution that allows organizations to access Microsoft services quickly. Yet, it is not ideal for long-term management due to the absence of administrative control. Therefore, transitioning to a managed tenant by assigning a global administrator is highly recommended. This transition enables organizations to maintain control and security over their Microsoft services, ensuring smoother operations and better governance.
The Importance of Transitioning to a Managed Tenant
Transitioning from an unmanaged to a managed tenant is essential for organizations seeking to leverage Microsoft services effectively. When a tenant is unmanaged, there is no assigned global administrator, which means that critical administrative tasks cannot be performed. This lack of oversight can lead to difficulties in managing user access, configuring settings, and ensuring the security of the organization's data.
By assigning a global administrator, organizations gain the ability to manage their Microsoft services comprehensively. This role allows for the configuration of security settings, management of user accounts, and oversight of service usage. Furthermore, having a managed tenant ensures that the organization can implement best practices for identity and access management, reducing the risk of unauthorized access and data breaches.
The process of transitioning to a managed tenant involves assuming control over the unmanaged tenant. This can be achieved by following specific steps to assign a global administrator and configure the tenant according to the organization's requirements. Once this transition is complete, organizations can enjoy the full benefits of Microsoft services with enhanced security and management capabilities.
Creating a New Tenant in Microsoft Entra ID
For organizations looking to establish a new tenant in Microsoft Entra ID, the process is straightforward but requires careful consideration. Creating a new tenant allows organizations to manage a specific instance of Microsoft Cloud services for both internal and external users. This setup is crucial for organizations that need to maintain control over their cloud resources and ensure seamless access for their users.
To create a new tenant, organizations must first sign in to the Azure portal. From there, they can navigate to the Microsoft Entra ID section and select the option to create a new tenant. The process involves selecting the type of tenant, entering the desired organization name and initial domain name, and specifying the country or region. Once these details are reviewed and confirmed, the new tenant is created with a domain like contoso.onmicrosoft.com.
It's important to note that only paid customers can create a new Workforce tenant in Microsoft Entra ID. Free tenants or trial subscriptions do not have this capability. Additionally, organizations should ensure that tenant creation is enabled in their user settings to avoid any issues during the setup process.
Managing Your New Tenant
Once a new tenant is created, the first user automatically becomes the Global Administrator. This role is pivotal in managing the tenant's settings, user accounts, and overall functionality. As the Global Administrator, the user has the authority to configure the tenant according to the organization's needs, ensuring that all users have appropriate access and permissions.
Organizations are advised to have at least two cloud-only emergency access accounts permanently assigned the Global Administrator role. These accounts are reserved for emergency situations where normal accounts are inaccessible or when all other administrators are locked out. Following the emergency access account recommendations ensures that organizations have a safety net in place for unforeseen circumstances.
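One way to check an exported list of Global Administrator assignments against this recommendation, as an added example that is not from the original page or from Microsoft. The record fields and sample accounts are constructed, and the check covers only the criteria named above (cloud-only, permanently assigned), not whether an account is actually reserved for emergencies.

```python
from dataclasses import dataclass
from typing import Optional

REQUIRED = 2  # the recommendation above: at least two emergency access accounts

@dataclass
class Assignment:
    # Hypothetical export shape, not a Microsoft Graph schema.
    upn: str
    cloud_only: bool        # False when the account is synced from on-premises
    enabled: bool
    state: str              # "active" or "eligible" (must be activated first)
    expires: Optional[str]  # ISO date, or None for a permanent assignment

# Constructed sample: Global Administrator assignments in one tenant.
SAMPLE = [
    Assignment("bg1@contoso.onmicrosoft.com", True, True, "active", None),
    Assignment("bg2@contoso.onmicrosoft.com", True, True, "eligible", None),
    Assignment("alice@contoso.com", False, True, "active", None),
    Assignment("bob@contoso.onmicrosoft.com", True, True, "active", "2025-12-31"),
    Assignment("old@contoso.onmicrosoft.com", True, False, "active", None),
]

def disqualifiers(a: Assignment) -> list:
    """Reasons this assignment cannot back an emergency access account."""
    reasons = []
    if not a.cloud_only:
        reasons.append("synced from on-premises, not cloud-only")
    if not a.enabled:
        reasons.append("account disabled")
    if a.state != "active":
        reasons.append("role is eligible, not permanently assigned")
    if a.expires is not None:
        reasons.append(f"assignment expires {a.expires}")
    return reasons

def audit(assignments: list) -> dict:
    """Split assignments into qualifying and rejected, then apply the minimum."""
    qualifying, rejected = [], {}
    for a in assignments:
        why = disqualifiers(a)
        if why:
            rejected[a.upn] = why
        else:
            qualifying.append(a.upn)
    return {"qualifying": qualifying, "rejected": rejected,
            "compliant": len(qualifying) >= REQUIRED}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the constructed sample only one account meets every criterion, so the tenant is reported as non-compliant even though it has five Global Administrator assignments.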
In addition to managing user accounts, the Global Administrator can add custom domain names, create groups and members, and implement Azure role-based access control (RBAC) and Conditional Access policies. These features help organizations manage application and resource access effectively, enhancing security and operational efficiency.
Cleaning Up Resources
If an organization decides not to continue using a particular tenant, it is important to clean up resources to avoid unnecessary costs and maintain a tidy environment. The process involves signing in to the directory that needs to be deleted and selecting the option to delete the directory from the Microsoft Entra ID overview page. This action removes the tenant and all associated information, freeing up resources for other uses.
Organizations should also consider reviewing their user settings and ensuring that any unused or redundant accounts are removed. This practice helps maintain a secure and efficient environment, minimizing the risk of unauthorized access and data breaches.
Next Steps and Additional Resources
After setting up and managing a Microsoft Entra ID tenant, organizations can explore additional resources to optimize their usage of Microsoft services. Learning about Azure role-based access control (RBAC) and Conditional Access can provide valuable insights into managing application and resource access effectively. Additionally, organizations can delve into Microsoft Entra ID's basic licensing information, terminology, and features to fully understand the capabilities available to them.
In conclusion, understanding and managing Microsoft Entra ID tenants is crucial for organizations seeking to leverage Microsoft services effectively. By transitioning to a managed tenant, creating new tenants, and managing resources efficiently, organizations can ensure seamless access, enhanced security, and optimal performance of their cloud services.