Microsoft Entra Multi Tenant Collaboration with FULL DEMO
Вставка
- Опубліковано 23 лип 2024
- In this episode I’ll take a look at Multi Tenant collaboration and synchronisation in Microsoft 365 and Entra ID. This is an awesome and super powerful new feature that enable users between 2 tenants to collaborate and work seamlessly without interruption. In this video I’ll walk you through a step by guide into setting up the feature and understanding how it works.
For more on me visit Andymalonr.org
Support me on Patreon Patreon.com/AndyMaloneMVP
For more information on our sponsor and its awesome security products visit. attaininsight.com/directory-s...
Timecodes
00:00 Introduction
02:32 Introducing Microsoft 365 / Entra Multi Tenant Collaboration & synchronisation
04:44 The Creation Wizard
06:45 The Join Wizard
10:56 The Sync Process
12:31 Configuring Tenant Restrictions
17:12 Success!
19:07 Configuration Cross Tenant Sync Options In Microsoft Entra
22:44 Session Conclusions
I really like the way you teach and present stuff, keep going & love from Switzerland
Brilliant! Easy to follow with a pleasant voice and cadence. You're excellent! Thank you! Cheers!
Hi Andy,
Thank you for the content shared. Our team is preparing for the MTO & Cross-tenant sync.Your video is very helpful. Thank you again.
Thank you for keeping all admins updated! ✌🏼
My pleasure!
From your great Fan! Thanks for all you do for the MS community, Andy
Thank you too!
Great tool, I implemented b2b collaboration a while ago for 3 companies using the same building so they could book conference / meeting rooms and utilise the meeting room resources
Hello. Late question, but how did you configure that?
Great. Thanks Andy.
Love your work andy
Thanks👍
Awesome video! CTS hopefully can let organizations interact seamlessly.
Thank you Andy :)
My pleasure!
Awesome 🎉
Thanks for the videos and helpful guidance Andy! Question for you on collaboration and specifically for sending messages and making calls in MS Teams to people on other tenants that are part of the multi-tenant synch process. I have this setup and i can locate people from the neighboring tenants. However, when I try to send a message in Teams to someone on an external tenant, it sends normal, but is never received.
As for Teams calling, the calls start ringing and then show they are automatically getting forwarded to voicemail. I did test a message/call between two users in the same tenant and that worked fine.
Is there an additional setting/config that needs to be enabled for multi-tenant messages/calls ?
Hmm could be either a licensing or permissions issue. Check external settings in teams, also guest tenant permissions. You e actually given me an idea for another video 👍
Thanks Andy. I am presuming this would be great for companies that operate under the same umbrella but want to maintain their individual company identity?
Absolutely
Thanks, would be nice to see cross tenant collab be a little more seamless.
We have our users use the external ID when adding users to groups and chats in teams, otherwise they add the synced ID and teams never notifies you unless you log in with that ID.
awesome :-)
If you share users and groups, do you also get to share hardware within each tenant, eg printers? Might be a security risk, printing docs, but can you do this and then determine granularities regarding printing docs deemed/ marked as non-sensitive in Outlook? How would the policies work for sending emails? And what about firewalls? Do any of the tenants firewalls take precedence?
Hmm not sure I’ve not tried it yet
Love the video, do I need to assign license to the external user in the parent tenant ? External User has an existing M365 license on the child tenant(home tenant)
This is currently in debate at the moment. Yes is the answer but this may change soon.
Does Trust Establishment between Office 365 Tanners happen ?
For example, we want to be able to see and authorize users of all companies in applications such as sharepoint and planner.
It's called Multi Tenant Collaboration. Check out learn.microsoft.com
Thanks Andy, can we use multiple ad connect servers to sync same directories to the separate Tenants
The cloud sync tool is great for this but only support Password Hash Sync
Great Video. Easy to follow.
I have a question though, is there an easy way to un-share a user.
When I click on share, then the cross on the user I cannot save.
When I go into cross-tenant sync, u sers and groups I can remove assignment for the user. But they remain in the other tenants AD Still
Check licence
Is this possible with Exchange? If there is a shared mailbox that both tenants need access to, can you add members of both tenants to the same shared mailbox?
Yes
Does Microsoft's B2B pricing apply to this setup since the users are synced in as members and not guests?
Is this is currently in public preview, no pricing information has been published yet. Hopefully it won’t be too long.
Hi Andy,
Thanks for the excellent video, I have one doubt for the B2B licensing.
The synced user is a member of B2B tenant(destination), if the user wants to access some power apps mean will the source tenant licenses is enough or again, we need to assign one more license in B2B tenant(destination)?
Gosh I honestly don't know that one! I'd contact MS for this.
Thanks @@AndyMaloneMVP
We've had to add a licence to the B2B guest to get things like Viva/Yammer working.
@@liam2161 Ah there you go. You m delighted you’ve got it working. 👍
For the Calendar and contact sharing does all the users need Entra P1 license or only one for the tenant. Please advise
Users licensed in 1 tenant can now carry those licenses into the second. Min P1 requried.
One other thing to mention is if you already had a "Guest" account created in the other tenant before you turned on the multi-tenant mode, then by default that account was created as a "Guest" account, and it will not by default change to a "Member" account. You can either do that manually by editing the attribute in the receiving tenant, or if you go into the Cross tenant sync>>>Open the configuration>>>>select Provisioning>>>Mappings>>>Click provision Azure active directory Users>>>Scroll to the bottom for user type (It will be "Member" by default), click on it and then at the bottom change the "Apply this mapping" from only during object creation to Always. Then next sync it will update them all from guest to member.
Great comments thanks 👍
@Fangel090 what is the business use case/scenario that you would want to switch all guest accounts over to member accounts?
Also @AndyMaloneMVP, is there any viable way to know what functionalities have been added or updated by Microsoft? I'm still trying to find more updated information on how GCCH tenants are impacted, and if guest accounts have been impacted or improved by any more recent changes. A lot of information out there even on Tech Community is from 2020-2021, which in some respects is outdated information now.
@@DKTD23 By default the new multi-tenant creates the accounts it syncs as members vs a Guest so I was just pointing it out. But there are some advantages to this in terms of how things work in Sharepoint for collaboration, but it also caused some issues in Teams that MS hasn't yet worked out, so we had to force the sync to change everyone to guests to get teams to work ok. Still a lot of bugs with multi-tenant to work out on the MS side as it should make life very easy for synced tenants, but thats still not the case.
@Fangel090 what issues with Teams occurred? And why did the collab finction work better in guest mode vs members? If that was commercial to commercial then certainly commercial to gcch or gcch to commercial will likely pose the same issues
Are there any requirements for the multi-tennant setting to show under organization profile? Dont seem to have that setting for our tennancy.
It's in preview at the moment, but generally you'd need a P1 or P2 licence.
You also need to have "Targeted release" enabled in every tenant that wants to use this feature currently along with the P1 or P2 license as mentioned above. @davac002 @@AndyMaloneMVP
@@AndyMaloneMVP , so obviously no way for multi-tenancy in M365 Basic and Standard
@@serhiiparshyn7882 correct, although you can manage multiple tenants in Microsoft Lighthouse
Is cross tenant collaboration available in Microsoft Office 365 Basic Plan?
No I’m afraid not
between two tenants, T1 and T2, is being labeled as "external." In Microsoft teams, "external" typically indicates communication outside of the immediate organizational or tenant boundary. how we will fix
Hi Andy. I have the same question as above. Is there a way to suppress a user from being labeled as "External" when doing multi=tenant collaboration?
Would you know why I cannot see Multitenant collaboration (preview) in Settings > Org settings > Organization profile tab?
You must have a business edition, not enterprise.
@@AndyMaloneMVP I have M365 Apps for companies. I guess it is the same case like Enterprise edition, right?
@@AndyMaloneMVP aha, I did not have Entra ID P1 license that is required
Hi , very good demo. however how is this different from contact
It creates a guest account n Entra ID. Contacts do not
Are you/ have you done a video on MFA Server deprecation? 14:21 into the video, says you need to migrate to Azure AD-MFA before Sept '24 to avoid any service impact
Would love to see something on this
No I have not sorry.
Is this approach suitable for B2B scenarios or a SaaS application for enterprises?
I do t see why not
If i have premium apps in my account and would like to help another company. Would my licence stay or will the other company owner need to buy me all the licences? If they need to buy all licence again i don't see a big use case for me.
If you’re talking about assisting them via admin tools, may I recommend that you install Microsoft Lighthouse. In this application you can manage all of your tenants.
Would synchronized users appear in my global address list in Exchange?
Yes as contacts
@@AndyMaloneMVP Love it, thank you!
How does this work with users that we sync from On-prem using Azure AD Sync?
It’s independent
@@AndyMaloneMVP so by that do you mean that we won’t be able to sync uses from our tenant to another one because they are on-prem synced?
@@noahpeltier Asking the same question
@@noahpeltier This won't interfere with AAD Sync. The Multi Tenant Collaboration basically sets up another sync between the source and destination tenant. Has nothing to do with your onprem to MS365 AADSync.
In the 11:11 mark, when you want to save after you've shared users to the other tenant, you get a message saying "Are you sure you want to save... This change will overwrite any previous configurations settings in Azure Active Directory" - what does that exactly mean? Pretty scary popup...
Also, how do I remove the group I shared, if I regret it?
Cross tenant aync
@@AndyMaloneMVP ah so it will remove the current cross tenant sync config?
Thank you for the video! Do you know if Multi Tenant Collaboration allows access to calendars via Scheduling Assistant across tenants? What about Sharepoint access across tenants?
Yes, you can use SharePoint across multiple tenants
Nice video but I still find this complex and worry about inadvertently opening up a security hole.
Plan carefully I think
Hi Andy! My name is Fer Peláez. I've sent you a note on LinkedIn to inquire about a Microsoft consulting for my business. I would love to chat with you if possible. Thanks!
Hi yes I did receive your message. Unfortunately I had an appointment today. I’m afraid I’m unable to take on this work due to my heavy workload at the moment. I do wish you all the best though and if I may suggest visit Microsoft.com/MVP and you might be able to locate an MVP or a Microsoft partner close to where you live. This may be more appropriate. I wish you all the best and good luck, Andy
No problem. Thanks, @@AndyMaloneMVP !