Understanding Multi-Tenant Organizations

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everyone in this video I want to talk about multi-tenant organizations now this could occur because as an organization maybe there's been mergers or Acquisitions or maybe I just need a certain amount of isolation between those different Azure ad now enter tenants so in my environment I can think about well yes I have multiple tenants so I've got my I'll just call it tenant a then I could also think about I've got a tenant B you probably have more original names than this and I have a tenant C so while I have these different tenants with their own users and groups and devices and applications I want a certain amount of natural collaboration possible between them because they are part of one organization and it can actually get very very confusing for many types of communication be it teams or Viva when I have these many many different tenants now if I think about teams is actually a really good example so teams actually has if we go and have a quick look at this if I look at teams teams has a concept of external organizations and I can go and add allowed domains these external organizations which will then expose those users as external users so this could be for the purpose of chat for example I just want to go and chat I want concepts of meetings with them so if I was to go and add that team's capability so I can think okay I'm going to go and add that teams specific type of Federation now I can consider I have a user over here we call them Bob so now what would happen if I was a user in this tenant and I'm using teams when I go and look at who is available well I will actually see Bob and what it will say is external foreign brackets and that's very convenient for me in my tenant and for Bob because Bob can be on their client quite happily and if I message Bob external it would just show up very naturally in my teams so at this point we're actually good this is a nice status it's not confusing however now you can add in the concepts of guests and guests are external identities in my tenant because you may think about well actually Bob Bob also needs access to maybe some applications some resources maybe there's in meeting applications maybe there's file sharing maybe they're standard types of channels I have to give them access to as well so for that to work what I now have to do is add Bob as a guest now I'm using the term guest it's really an external identity but what that will cause is for a little external identity object created in my tenant that is Bob the problem is that's now going to show up so I will now also see Bob guest so if I now wanted to talk to Bob and I'm in my organization I I see two as a 50 50 chance I get it wrong and I message guest well for Bob to actually see messages I send to guest well Bob would actually have to go and switch tenant which will make them very very cross you'll have a very unhappy Bob and so this scenario is not attractive we really don't want to get into this now these guest accounts could be being added manually but remember I could also be doing it just as part of my synchronization so if I go and quickly look remember in enter I can set up cross-tenant synchronization and then I can add particular tenants again this would only be within an organization and then users will automatically get added as guests to other organizations tenants within your organization so it makes it much easier to have hey sharing of resources of applications within a particular company again my challenge now is it's getting confusing and not just teams Viva and many other applications will now have maybe a very confusing experience and I end up messaging or contacting or adding to the meeting the wrong one and the less I know to go and switch tenant I'm not going to see it so Communications will get missed it's a poor experience for everyone and so we need a better solution and so this is where the new multi-tenant organization comes in what the multi-tenant organization is going to let me do is I'm going to create a new multi-tenant organization and I'm going to basically make it so that it's going to Encompass all of these different tenants now one of them will become the owner and then for the other tenants I'll go and add them into this multi-tenant organization so when I go and create this I'll specify the owner and I'll say who can join it but then those tenants have to say yes I want to join it so if we jump over and go and look so we're going to do this in the Microsoft 365 admin center now I could also use and the graph API as well but if I use the admin Center so what I'm doing here is I'm going into my settings and then under settings I'm going into organizational settings then under organizational settings I'm going into the organizational profile now at time of recording this feature is in preview so to see it I have to go to my release preferences and under release preferences I've actually setted it to targeted release and I've said it for everyone not just select users so I am on boarding to this preview feature and if I do that you'll then see this option of multi-tenant collaboration and then all I have to do is I would go into this I would say get started and so the first thing I would do is create a new multi-tenant organization so let's specify what is the organizational name the description and then enter the tenant IDs of all the tenants that will be part of this and I can also then set up the synchronization settings it will actually go and configure that cross tenant sync for me as well it only does that if I do it by the portal it won't do that if I do it via the API once I've gone and created the organization then for the other tenants I just say hey I want to join a multi-tenant organization and I just enter the tenant ID of that owning organization that owning tenant and then I can say hey yes allow users to sync suppress consent prompts and it's going to go and now complete that configuration for you and what it's going to do is when you actually go through the portal and you say yes I want that cross-tenant access sync the other nice thing it's going to do for you is it's going to set up a synchronization mesh so what I mean by that is every single tenant will synchronize with every other tenant she'll get a complete set of user synchronization and it's going to set this up for you automatically so now every user will show up as guests in every other tenant I can customize those cost and access syncs if I want to so I can maybe modify what attributes are going on it's just going to set up a basic one for me but now the beauty is once I've gone ahead and set this up when I'm using teams now now I do want to stress I do need to be running the new teams client the nice shiny new teams client but when I do this it won't now show those guests they still exist in the tenant but teams and Vivo and others will now give me an enhanced experience I'll only see one so when I'm going ahead and looking all I'll see is that one that's supposed to be an eye I'm not very good at drawing so it's going to remove all that confusion Bob is never going to have to switch tenants anymore so Bobby's happy I'm only ever gonna see one so I'm going to make sure I Target the correct person for my communications or my meetings or my Viva interactions so now they're not going to miss my messages so I'm going to be happy as well and this is really the key point I will now only see the real identity so I'm going to remove all of this confusion and I would expect this to just grow in what adopts and leverages this over time and that's it I mean that's really the goal of this multi-tenant organization hey we have multiple tenants but we want to provide a seamless method of communication interaction between the users in the different tenants I want to avoid this confusion and that's what this does I hope that was useful as always till next video take care foreign
Info
Channel: John Savill's Technical Training
Views: 16,014
Rating: undefined out of 5
Keywords: azure, azure cloud, microsoft azure, microsoft, cloud, azure ad, identity, entra, teams, viva
Id: SLgA4JeJWkE
Channel Id: undefined
Length: 11min 16sec (676 seconds)
Published: Wed Sep 20 2023
Related Videos
Azure AD Cross-Tenant Sync
John Savill's Technical Training
21K
Multi-tenant Architecture for SaaS
CodeOpinion
92K
Azure AD App Registrations, Enterprise Apps and Service Principals
John Savill's Technical Training
185K
Microsoft Entra Multi Tenant Collaboration with FULL DEMO
Andy Malone MVP
14K
What happens when multiple conditional access policies apply?
John Savill's Technical Training
8.6K
Multi-tenant architecture in 20 minutes
Carmel Hinks Saxby
108K
Multi-tenancy architecture | The Backend Engineering Show
Hussein Nasser
36K
Adopting Azure for your Organization
John Savill's Technical Training
11K
Understanding Azure AD Hybrid Join
John Savill's Technical Training
27K
SaaS Deep Dive: Designing and Building Multi-Tenant Solutions • Tod Golding • GOTO 2020
GOTO Conferences
30K
Azure Landing Zones Overview
John Savill's Technical Training
127K
A Walkthrough of Microsoft Copilot for Azure. What It Is, How It Works!
John Savill's Technical Training
74K
AZ-700 Designing and Implement Azure Networking Study SUPER Guide!
John Savill's Technical Training
268K
Microsoft Azure Managed Identity Deep Dive
John Savill's Technical Training
63K
Find Privilege Escalation Paths in Microsoft Azure with AzureHound
Beau Bullock
8.9K
Architecting multitenant solutions on Azure | Azure Friday
Microsoft Azure
26K
Azure AD App Proxy Deep Dive
John Savill's Technical Training
22K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.