Microsoft has announced multi-tenant organisations (MTOs) in Microsoft Entra ID as part of their latest preview. This allows the configuration of up to five Entra ID tenants connected via cross-tenant access synchronisation. A multi-tenant organisation makes collaboration and resource access between tenants easier and more seamless. The tenant that creates the MTO acts as the owner, while the others are members.
Once ascended as owner, you can invite member tenants to join. Configuration for Microsoft 365 multi-tenant organisations occurs in the Microsoft 365 admin center, but most of the supporting infrastructure is in Azure Active Directory (Azure AD). User synchronisation between tenants occurs through Azure AD B2B collaboration users, with a user type of 'member' rather than 'guest'.
- It's suggested to start with a small set of users for rollout, then expand to all users across all tenants for the best user experience.
- To create a multi-tenant organization, you need to synchronize users in the Microsoft 365 admin center so that the same users and groups are synchronized to all tenants in the multi-tenant organization.
- The best user experience is also made possible in multi-tenant organizations through the new Microsoft Teams desktop client. With this, users can receive real-time notifications and participate in chats, meetings, and calls across all tenants without needing to switch tenants.
- External access must be configured for each tenant and should allow the domains of all the tenants in your multi-tenant organization.
- The maximum of five tenants in the multi-tenant organization is supported up to 100,000 users per tenant.
There are some limitations for the multi-tenant organizations in Microsoft 365 preview such as Teams on the web, macOS, Microsoft Teams Rooms (MTR), and VDI/AVD aren't supported. Also, 'People in your organization' links may not work for users from another tenant if their account had previously been a guest.
Further Configuration Details
Existing cross-tenant synchronization configurations in Azure AD continue to operate even after setting up a multi-tenant organization in Microsoft 365. Synchronization between tenants can be carried out using the Microsoft 365 admin center, or configurations in Azure AD in the case of different users to different tenants. Trusted organizations in external access are required for chats and calls between tenants. To distribute Power BI content to external guest users, Azure AD B2B is used. If there is a need to add more than five tenants or 100,000 users per tenant, contacting Microsoft support is necessary.
Learn about How to enable Multi Tenant Collaboration in Microsoft Entra!
Microsoft has released multi-tenant organisations (MTOs) in Microsoft Entra ID to enable collaboration between multiple tenants. This video shows how to configure an MTO. To get started, the global administrator in the owner tenant needs to create the multi-tenant organization and invite the member tenants. Then, a global administrator in each member tenant can join the MTO. To facilitate collaboration between users in different tenants, user synchronization is done using Azure AD B2B collaboration users. We recommend starting with a small set of users before rolling out to the entire organization. For the best user experience, it is recommended to synchronize all users across all tenants in the multi-tenant organization. Additionally, cross-tenant access settings in Azure AD and the new Microsoft Teams desktop client must be configured to enable multi-tenant collaboration. In addition, trusted organizations in external access must be set up.
More links on about How to enable Multi Tenant Collaboration in Microsoft Entra!
- Configure cross-tenant synchronization - Microsoft Entra
- Jul 21, 2023 — Configure cross-tenant synchronization · Step 1: Plan your provisioning deployment · Step 2: Enable user synchronization in the target tenant.
- Configuring multi-tenant user management in Azure Active ...
- Jul 28, 2023 — Microsoft recommends a single tenant when possible. Having multiple tenants can result in unique cross-tenant collaboration and management ...
- Multi-tenant organizations documentation - Microsoft Entra
- A multi-tenant organization is an organization that has more than one instance of Azure Active Directory. Describes ways that users can have a seamless ...
- Multi-tenant organization scenario and Azure AD capabilities
- 6 days ago — To enable users across tenants to collaborate in Teams Connect shared channels, you can use Azure AD B2B direct connect.
- Configure cross-tenant access settings for B2B collaboration
- Aug 4, 2023 — Sign in to the Azure portal using a Global administrator or Security administrator account. · Select External Identities, and then select Cross- ...
- Cross-tenant access with Azure AD External Identities
- Aug 15, 2023 — To collaborate with a partner tenant in a different Microsoft Azure cloud, both organizations need to mutually enable B2B collaboration with ...
- What is cross-tenant synchronization?
- Cross-tenant synchronization automates creating, updating, and deleting Azure AD B2B collaboration users across tenants in an organization. It enables users ...
- Topologies for cross-tenant synchronization - Microsoft Entra
- May 9, 2023 — Cross-tenant synchronization provides a flexible solution to enable collaboration, but every organization is different. Each cross-tenant ...
- Configure Microsoft cloud settings for B2B collaboration
- Aug 15, 2023 — To enable B2B collaboration with a partner's Azure AD organization in another Microsoft Azure cloud, you'll need the partner's tenant ID. Using ...
- Enable B2B external collaboration settings - Microsoft Entra
- Mar 15, 2023 — Select External Identities > External collaboration settings. Under Guest user access, choose the level of access you want guest users to have:.
Multi-Tenant Collaboration, Microsoft 365, Azure AD, User Synchronization, Cross-Tenant Access, Trusted Organizations