Collaborate across M365 tenants with Entra ID multi-tenant organization
Hi everyone,
I’m excited to announce the general availability of Microsoft Entra ID multi-tenant organization platform capabilities!
As your organization evolves, you may need to integrate multiple tenants to facilitate collaboration; for example, your organization may have recently acquired a new company, merged with another company, or restructured with newly formed business units. With disparate identity management systems, it can be costly and complex for admins to manage multiple tenants while ensuring users across tenants have access to resources to collaborate.
To enable application sharing across tenants, many of you have already deployed features like B2B collaboration to grant application access across tenants in your organization, cross-tenant access settings to allow for granular access controls, and cross-tenant synchronization to manage the lifecycle of users across tenants.
To further improve employee collaboration across your tenants, many of you have asked for unified chat across tenants in Microsoft Teams and seamless cross-tenant employee engagement and community experiences in Viva Engage.
You can now use Entra ID multi-tenant organizations to improve the cross-tenant collaboration experience in Microsoft Teams and Viva Engage. The capabilities are now generally available with Microsoft Entra ID P1 in the M365 commercial cloud.
Multi-tenant organization capabilities:
Get started with Entra ID multi-tenant organizations:
In this example, we’ll follow Contoso EMEA and Contoso APAC, two divisions of Contoso Conglomerate. Employees from Contoso EMEA and APAC are already using Microsoft Entra to share apps across tenants. Now they need to communicate across tenants using Microsoft Teams and Viva Engage. Leaders in the organization need to share announcements and storylines across the organization and employees need to chat using Teams. Let’s look at how the admins at Contoso configure their multi-tenant organization to meet these needs.
Step 1 – Form a multi-tenant organization
The tenant administrators of Contoso EMEA and Contoso APAC agree to form an Entra ID multi-tenant organization, facilitated by an invite-and-accept flow between them. The Contoso EMEA admin navigates to the M365 admin center and initiates the process, while the Contoso APAC admin confirms. This results in a mutually agreed upon multi-tenant organization of two tenants in both directories.
Microsoft Teams and Viva Engage applications in Contoso EMEA (APAC) will now interpret any external member users of identity provider Contoso APAC (EMEA) as employees of the multi-tenant organization with corresponding improved collaboration experience.
Step 2 – Provision external member users at scale
Microsoft Teams improved collaboration experience relies on reciprocal provisioning of collaborating users. So, Alice of Contoso EMEA should be provisioned as an external member user into Contoso APAC, while Bob of Contoso APAC should be provisioned as external member user into Contoso EMEA.
Viva Engage improved employee engagement experiences rely on centralized provisioning of employees into a central tenant, say Contoso EMEA. As such, Bob of Contoso APAC should be provisioned as an external member user into Contoso EMEA.
Cross-tenant synchronization is the ideal tool to accomplish this at scale, via the Entra admin center for complex identity landscapes, or via the M365 admin center for simplified setups. If you already have your own at scale user provisioning engine, you can continue using it.
Step 3 – Complete requirements by Microsoft Teams or Viva Engage
Any Microsoft Teams requirements such as using the new Teams clients can be found under M365 multi-tenant collaboration, while any Viva Engage configuration requirements can be found under Viva Engage for multi-tenant organizations.
Once your requirements for Microsoft Teams and/or Viva Engage have been completed, your employees will be able to collaborate seamlessly across your organization of multiple tenants, with unified chat experiences in Microsoft Teams and seamless conversations in Viva Engage communities.
How does multi-tenant organization licensing work?
Entra ID multi-tenant organization license requirement – Your employees can enjoy the new multi-tenant organization platform benefits with Microsoft Entra ID P1 licenses. Only one Microsoft Entra ID P1 license is required per employee per multi-tenant organization. For Microsoft Teams and Viva Engage license requirements, please review the M365 multi-tenant organization announcement.
I’m very excited for this milestone which helps your multi-tenant organization achieve better collaboration and communication experiences for your employees! Go and plan your multi-tenant organization rollout today. We love hearing from you and look forward to your feedback on Azure forum.
Joseph Dadzie, Partner Director of Product Management
Linkedin: @joedadzie
Twitter: @joe_dadzie
Learn more about Microsoft Entra:
Related Articles:
What is a multi-tenant organization in Microsoft Entra ID?
What is a cross-tenant synchronization in Microsoft Entra ID?
Properties of a B2B guest user – Microsoft Entra External ID
See recent Microsoft Entra blogs
Dive into Microsoft Entra technical documentation
Join the conversation on the Microsoft Entra discussion space and Twitter
Learn more about Microsoft Security
Microsoft Tech Community – Latest Blogs –Read More