Entra ID Multitenant Organization (MTO) is a powerful tool for managing multiple Entra ID tenants under a single umbrella.

Whether you’re performing a divestiture activity or managing a multinational conglomerate, understanding Entra ID MTO can optimize your operations and security. This article will dive into the essential aspects and benefits of utilizing Entra ID MTO in different scenarios.

In this article, we will go over:

Let’s dive into the details.

Entra ID Multitenant Organizations and Its Capabilities

Entra ID Multitenant Organizations offer a robust framework for managing multiple tenants within a single overarching system. These organizations enable centralized management of resources, policies, and security across different tenant environments, ensuring consistent governance and streamlined operations. Essentially, an MTO is an automated way of synchronizing identities into a target tenant. Many of the multitenant capabilities share the same features as Microsoft Entra External ID for guests. Here are some key capabilities:

  1. Cross-tenant access settings: Core location of settings for allowing/disallowing access to a tenant.
  2. B2B direct connect: This is where to establish a two-way trust between tenants. It is for Teams collaboration, and users are only visible in Teams, not in the directory (Entra).
  3. B2B collaboration: Provides access to applications; users are visible in the directory but not in Teams.
  4. Cross-tenant synchronization: A service that synchronizes users into target tenants. It’s responsible for creating, updating, and deleting B2B users.
  5. Microsoft 365 multitenant people search: Users will appear in the Global Address List if the attribute “showInAddressList” is set to true (this is set to true by default). If the user(s) are added to the tenant as members, they will be available to most M365 applications.
  6. Multitenant organization: The boundary for the Entra ID tenants in a Multitenant organization.
  7. Microsoft 365 admin center for multitenant collaboration: Alternative admin portal (Entra admin center) to perform multitenant configurations.

The licensing requirement is a Microsoft Entra ID P1 license. This is one P1 license per user per multitenant org. You must also have at least one license per tenant: if a target tenant does not have any P1 licenses, at least one will need to be provisioned.

By leveraging these capabilities, businesses can achieve enhanced operational efficiency, improved security posture, and better compliance with regulatory standards, all while easing the burden of managing users from other tenants. Entra ID MTOs provide a comprehensive solution for managing complex, multi-tenant environments, enabling businesses to focus on their core objectives while maintaining robust security and governance.

Entra ID Multitenant Org Benefits and Key Use Cases

Entra ID Multitenant Orgs have many benefits and use cases. In the following section, we’ll highlight both. Understanding the proper use cases will help you decide when to use a multitenant org over other B2B options. Here are some of the benefits:

  1. Identify in-organization and out-of-organization external users: External users originating from within the multitenant org can be differentiated from external users originating from outside of the multitenant org.
  2. Better experience in Teams: In the new Teams, users will have a better experience with chat, call, and meeting start notifications from all connected tenants within the multitenant org.
  3. Improved experience in Viva Engage: Viva Engage for multitenant organizations allows complex and distributed organizations to communicate as a unified network.

Identifying the use cases for MTOs will help you understand when to use multitenant organizations and when to use other B2B options such as B2B direct or cross-tenant synchronization. While multitenant organizations leverage many of the B2B technologies, it’s important to understand that these technologies can be implemented independently of MTOs and have use cases other than MTOs. Here are some of the primary examples:

  1. Mergers and acquisitions
  2. Conglomerates
  3. Divestitures
  4. Multiple Azure Clouds
  5. Multiple geographical boundaries
  6. Test or staging tenants
  7. Department or employee-created tenants

In a nutshell, Entra ID Multitenant Organizations are meant to grant access to users across tenants within an organization that has more than one Entra ID Tenant. This functionality is not designed to cross organizational boundaries. Here are some of the reasons that should drive your decision for adoption:

  1. A need to seamlessly share data with M365 applications.
  2. Have a unified Address Book in Outlook
  3. Provide an enhanced Teams experience in the New Teams App
  4. Provide access to applications hosted across tenants.
  5. Users within your organization should be members and not guests when added to a tenant within your organization.
  6. A need to automatically provision users across all tenants
    1. This can be scoped to a specific set of users, but it is recommended that all users across all tenants be replicated.
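
The member-versus-guest, address-list and licensing points above can be checked against a user export from a target tenant. This is an added example, not code from the original article or from Microsoft: the record shape, tenant IDs, license counts and the `home_tenant` field are constructed assumptions, while `userType` and `showInAddressList` are Microsoft Graph user properties.

```python
# Constructed sample data for one target tenant ("tenant-a").
# home_tenant is a hypothetical field assumed to be added by the export step.
MTO_TENANTS = {"tenant-a", "tenant-b", "tenant-c"}               # constructed IDs
P1_LICENSES = {"tenant-a": 120, "tenant-b": 40, "tenant-c": 0}   # constructed counts

USERS_IN_TENANT_A = [
    {"upn": "ana@b.example", "home_tenant": "tenant-b",
     "userType": "Member", "showInAddressList": True},
    {"upn": "raj@b.example", "home_tenant": "tenant-b",
     "userType": "Guest", "showInAddressList": True},
    {"upn": "li@c.example", "home_tenant": "tenant-c",
     "userType": "Member", "showInAddressList": False},
    {"upn": "kim@partner.example", "home_tenant": "tenant-x",
     "userType": "Guest", "showInAddressList": None},
    {"upn": "local@a.example", "home_tenant": "tenant-a",
     "userType": "Member", "showInAddressList": True},
]


def classify(user, local_tenant, mto_tenants):
    """Return 'local', 'in-org' or 'out-of-org' for one user record."""
    home = user["home_tenant"]
    if home == local_tenant:
        return "local"
    return "in-org" if home in mto_tenants else "out-of-org"


def audit_in_org_users(users, local_tenant, mto_tenants):
    """Flag in-org external users that are guests or hidden from the address list."""
    findings = []
    for user in users:
        if classify(user, local_tenant, mto_tenants) != "in-org":
            continue
        if user["userType"] != "Member":
            findings.append((user["upn"], "in-org user is a guest, expected member"))
        if user.get("showInAddressList") is not True:
            findings.append((user["upn"], "in-org user hidden from address list"))
    return findings


def tenants_missing_p1(licenses, mto_tenants):
    """Tenants in the MTO that hold no P1 license (at least one is required)."""
    return sorted(t for t in mto_tenants if licenses.get(t, 0) < 1)


if __name__ == "__main__":
    for upn, issue in audit_in_org_users(USERS_IN_TENANT_A, "tenant-a", MTO_TENANTS):
        print(f"{upn}: {issue}")
    print("No P1 license:", tenants_missing_p1(P1_LICENSES, MTO_TENANTS))
```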

In situations where you need to provide access to external partners or companies, you should use other Entra ID B2B solutions. These include:

  1. B2B collaboration
  2. B2B direct connect
  3. External ID B2B collaboration
  4. Cross-tenant synchronization

Entra ID Multitenant Organizations have many benefits and use cases. When it comes to providing external access to your tenant, it’s important to understand the why and the what in order to provide the correct solution.

Things to consider when setting up an Entra ID Multitenant Organization

There are several things to take into consideration when setting up an Entra ID Multitenant Organization. Being prepared to discuss these items will help prepare you for the adoption of an MTO. Here are some of the top-level items to think about:

  • The number of tenants that will be part of the MTO.
  • The tenant that will be the “Owner” or root/source tenant.
  • The number of users per tenant.
  • Will scopes be used when syncing users?
  • Are there existing users that are currently being synced from in-scope tenants?
  • What are the requirements for the policy templates?
  • Is there going to be a need for directory extensions for cross-tenant sync?

Setting up an Entra ID Multitenant Organization involves several crucial considerations to ensure a smooth and efficient implementation. Being prepared to discuss these items in detail will not only help in planning but also in avoiding potential challenges during the setup. Gathering this information ahead of time ensures that your MTO project is well-organized and poised for success. With careful planning and thorough preparation, you can leverage Entra’s multitenant capabilities to enhance your organization’s identity management and security infrastructure.

Conclusion

Entra ID Multitenant Organization (MTO) is a powerful tool for managing multiple Entra ID tenants under a single organization. It provides a robust framework for centralized resource, policy, and security management across different tenant environments. Whether you’re performing a divestiture activity or managing a multinational conglomerate, understanding Entra ID MTO can optimize your operations and enhance your security posture.

This article has explored the essential aspects and benefits of utilizing Entra ID MTO in various scenarios, including its capabilities, licensing requirements, key use cases, and crucial considerations for setup. By leveraging these capabilities, businesses can achieve enhanced operational efficiency, improved security compliance, and streamlined user management.

Setting up an MTO requires careful planning and thorough preparation. From determining the number of tenants and users to configuring cross-tenant synchronization and policy templates, every detail is crucial for a smooth and successful implementation. Gathering and discussing this information ahead of time ensures that your MTO project is well-organized and ready for success. With Entra’s multitenant capabilities, businesses can focus on their core objectives while maintaining robust security and governance, making Entra ID MTO a comprehensive solution for managing complex, multi-tenant environments.

If you have any questions or a future project that involves Entra ID B2B or Multitenant Organization, reach out to AIS.