As organizations expand through mergers and acquisitions, handling multiple tenants can become a tangled mess. Multitenant management with different identity systems can be expensive and complex, thereby hindering seamless collaboration among users. To tackle this issue, Microsoft introduced multi-tenant organization for Microsoft Entra ID in September 2023. It offers powerful capabilities that extend to various M365 services, simplifying the management of multiple tenants. And the exciting news is that Multitenant organization in Microsoft 365 is now generally available🚀!
What is Multi-tenant Organization in Microsoft 365?
Multitenant organization (MTO), a capability within Microsoft Entra ID and Microsoft 365, allows you to establish a tenant group within your organization. Each pair of tenants in the group operates under cross-tenant access settings, facilitating configuration for B2B interactions or cross-tenant synchronization.
License Requirement for Multi-tenant Organization
To utilize the multitenant organization capability, only one Microsoft Entra ID P1 license is required per employee per multitenant organization. Additionally, at least one Microsoft Entra ID P1 license is necessary for each tenant.
What are the New MTO Capabilities within Microsoft 365?
Several Microsoft 365 features, like People Search, Teams, Viva Engage, and Defender XDR will now work across organizations. Let’s talk about it in detail.
- Discover Connections Across Organizations with MTO People Search
- Microsoft Teams MTO: The Key to Streamlined Cross-Tenant Work
- MTO Capabilities in Viva Engage: New Ways of Communication
- Manage Incidents Across Tenants with MTO in Microsoft Defender XDR
1. 🔎 Discover Connections Across Organizations with MTO People Search
With multitenant organization People Search, you can search and find people across different tenants. Admins can enable cross-tenant sync, allowing users to be shown in other tenants’ global address list. Upon activation, users gain access to search capabilities that facilitate the discovery of synced user profiles from other tenants. Each search query yields a singular, precise result, ensuring an efficient user experience.
For example, Nestor (nestor@contoso.com) searches for “Megan” in the centralized search bar on SharePoint and can get the result for megan@fabrikam.com.
To test this feature, you need to have the following settings:
- Two Microsoft Entra / Microsoft 365 tenants.
- Both tenants should have the Microsoft Entra cross-tenant synchronization feature enabled.
- Users must be provisioned from home tenants to target tenants.
2. 📈 Microsoft Teams MTO: The Key to Streamlined Cross-Tenant Work
When admins establish a multitenant organization within Entra ID, organizations using the new Teams desktop client will seamlessly gain access to Teams MTO features without any extra setup. MTO in Microsoft Teams provides you with the following benefits.
- Now, users can seamlessly join meetings, chat, call, or collaborate in channels hosted by other tenants while simultaneously messaging within their own tenant.
- Users joining a meeting in another tenant can now skip the meeting lobby, gaining instant access to all meeting content and resources, facilitating real-time collaboration.
- Users can receive cross-tenant notifications from all accounts and tenants added to their Teams client, regardless of which one is currently active.
- With the new multitenant organization capabilities in Teams, searching for coworkers in a multitenant setup returns a single, unified result, reducing redundancy.
For the best experience using MTO, users need the new Microsoft Teams desktop client.
3. 🚀MTO Capabilities in Viva Engage: New Ways of Communication
By setting up a tenant group within Microsoft 365 comprising trusted tenants, Viva Engage enables cross-tenant collaboration.
How MTO Works in Viva Engage?
In Viva Engage, communication among tenants follows a hub-and-spoke model. The hub, situated at the center, is where most of the organization’s content originates. It’s crucial for key figures such as corporate communicators, HR professionals, and policy makers to reside within this hub.
The remaining networks are referred to as spoke tenants. Through features like Storyline and Leadership Corner, leaders within the hub can share content with all spoke tenants simultaneously, ensuring the timely distribution of information. Once the hub tenant is configured for a multitenant organization, all tenants can communicate seamlessly as a single, unified network.
Prerequisites: To access the multiple tenant organization feature for Viva Engage, a Viva suite license or an Employee Communications & Communities (C&C) license is required.
MTO in Viva Engage supports the following.
- MTO Communities: Now, communities can include employees from different companies to view, post, reply, and engage within those communities. This feature is currently in preview and will be fully accessible in June.
- MTO Campaigns: Introducing official campaigns that are open for all employees to participate in. This allows employees to join conversations and contribute to driving the campaign’s success, regardless of their company. This feature is in preview now and will be available in June.
- MTO AMAs & Events: Uniting all employees for Ask Me Anything (AMAs) sessions with leaders, spanning across company boundaries. This feature will be available for preview in June. Additionally, later this year, employees will have the opportunity to participate in live events via communities or Viva Engage events. This enables leaders to host town hall meetings and company-wide gatherings that include stakeholders from various companies.
- MTO Analytics: Gain a comprehensive view of engagement across all workloads and companies to understand the extent of employee involvement. Once accessible, this feature provides detailed metrics for communities, campaigns, events, and AMAs. Currently, MTO Analytics are already available for announcements and storyline posts.
For setting up Viva Engage for MTO, refer to this doc.
4. ⚔️ Manage Incidents Across Tenants with MTO in Microsoft Defender XDR
Security teams overseeing multiple tenants require a dependable security solution to address modern threats. Microsoft Defender XDR now offers a unified investigation and response platform tailored for multitenant organizations. It is complemented by built-in protection across endpoints, identities, email, collaboration tools, cloud apps, and data.
With multitenant management capabilities, Microsoft Defender XDR enables security teams to swiftly investigate incidents and conduct advanced hunting across data from various tenants. This eliminates the need for administrators to constantly switch between individual tenants, streamlining operations and enhancing overall security effectiveness.
MTO in Microsoft Defender XDR manages the following.
- MTO in Microsoft Defender XDR handles incidents & alerts from various tenants efficiently.
- It actively seeks out intrusion attempts and breach activity across multiple tenants simultaneously.
- It enables the viewing and management of custom detection rules across various tenants.
- It allows for the exploration of device counts based on factors like device type, value, onboarding status, and risk status.
- The Microsoft Defender vulnerability management dashboard offers aggregated risk insights across multiple tenants.
- It provides an overview of vulnerability management data including exposed devices, security recommendations, weaknesses, and critical CVEs across different tenants.
For setting up multitenant management in Microsoft Defender XDR, refer to this doc.
How to Enable Microsoft 365 Multi-tenant Capabilities with Microsoft Entra?
Administrators can enable multitenant capabilities in the Microsoft 365 admin center and configure which users in the organization can take advantage of multitenant capabilities.
To enable MTO using the Microsoft 365 admin center, navigate to,
M365 admin center -> Settings -> Org settings -> Multitenant collaboration(preview).
Then, you need to share your users with other active tenants in MTO. This can be done using the ‘Share users’ option.
After creating MTO, Microsoft offers two methods for provisioning employees into neighboring multitenant organization tenants at scale.
- Microsoft 365 Admin Center Sync: Ideal for smaller organizations where all employees need access to all tenants. Simplified setup in the admin center.
- Entra ID Cross-Tenant Sync: Recommended for complex enterprise landscapes. Highly configurable for multi-hub multi-spoke identities. Allows for customizable synchronization.
We hope that this blog will help you start with multitenant organization capabilities within Microsoft 365. Thanks for reading. For further queries, feel free to reach us through the comment section. We will be happy to assist you.