Wouuu.. Really its amazing. Mind blowing skill and a great explanation with a wonderful content. Thanks a lot for such a amazing effort. Thank you.. Keep it up. All the best. Ever i landed over a better channel.
Hey Andy. Thanks for the video and explanation. However, I feel that during the B2B direct connection settings, the final step you showed of adding the Adatum tenant user to the Contoso tenant group (by inviting them) is actually not right because that then ends up provisioning a Guest user for the Adatum user when they try to access Contoso and that is not the purpose behind B2B direct connect as you explained at the beginning of the video. It should work using the external identity directly as that is what distinguishes it from B2B collaboration. So this feature should work without inviting or adding those users to some groups or apps in the resource tenant. It should just work without having any knowledge of the external users once both the resource and host tenant have done the necessary inbound/outbound settings. If I am not wrong, the B2B direct connect is limited to only Shared Teams Channels atm (according to MS docs) and that is the reason why it doesn’t work for anything else for now. I am really looking forward for this feature to work fully as intended since this is a growing requirement for many customers, but at present it is really limited in its scope.
You are correct and thanks for pointing that out. At the time this was recorded I was not aware of all the facts. In fact my next video will address this, Thanks again.
Lovely presentation. Thank you, Andy. =) Just want to provide one clarification from Microsoft. B2B Direct Connect only grants access to Teams and only within specific shared Teams channels. The application settings are Teams applications, not any registered application in your Azure tenant. I really wish B2B DC allowed access to anything in our tenant. It would make our lives so much easier.
Great video Andy, very useful info. Thanks for that and thanks for all the work you do on your channel. One topic that would be interesting would be Office 365 migration of users from tenant to tenant (for example company merger), I’ve run into this situation myself and the process is a bit convoluted, so any clarification would be useful.
Simple, yet detailed explanation! Great video indeed. Thank you! This connected my dots. And is there a way to setup sync b/w other cloud provider tenants into Microsoft Entra? Wouldn't that be cool?
Hi Andy, Thank you for your video! This has been very helpful! I have an use case where two sister companies access eachothers data (different companies, same owners) So I'm already very happy that we have the guest users out of the system :) Now the only issue we still have today is the sharing of calendars between the different tenants. We are able to share a calendar, but it doesn't get updated on the otherside. So in the end, we only have a copy of ones calendar but we can't see when somebody is available of not available after the sharing has been done or one month from now. Can we tackle this also with Cross Tenant access or will we need federation for it?
Can this be done without sending notification? I wonder if I add a security group to teams on the other tenant, is that gonna work too? I wonder if this tool would become complete enough so tenant to tenant migration is no longer a must.
Great job Andy. You explain things very well. I was able to successfully implement this in two test tenants and show that it allowed greater access to things like Teams Whiteboards that wasn’t possible before with Guest access. However I wasn’t able to get Exchange mailbox access working between Tenants. Would you expect that to work yet? My license level is quite low, so that may be a factor? But anyhow, great work, you have another subscriber! 😀👍
@@AndyMaloneMVP Hi Andy, I think you may have missed the intent of my question. In my test Tenant A Exchange, I granted Full Mailbox access a user from my test Tenant B. But I wasn't able to login to the mailbox as the Tenant B User. Is this a current limitation of the Cross Tenant access?
@@twidler Not at all I understood your question perfectly. However As this feature is currently in preview it does have a few hiccups at the moment. Including exchange transport rules, which have to be put in place. I would recommend that you check out docs.microsoft.com for the latest support articles and many thanks for your question.
Nice, so what if tenant A is where our helpdesk fully resides but we took over another company called tenant B and the helpdesk needs to be able to do Privileged Authentication Administrator work for users in tenant B. Can we set this up in tenant A to allow tenant A helpdesk user to be able to be a Privileged Authentication Administrator admin in tenant B ?
Hi Andy, we are CSP provider and one customer of ours has already a tenant with another CSP. We must create another tenant for commercial reason , but we would like to reassure the user that he will not have to manage two ADs, he will not have to manage security separately but see the two tenants as a single tenant. How can we achieve all this? What are the azure tools to support? Thank you
@@AndyMaloneMVP do you think thai with lighthouse customer will can propagate security rules , quotas, monitoring that It already Have in its actual tenant?
@@defsult unfortunately I don’t teach this product so I’m not sure how to answer your question. I will check out dark start microsoft.com for full details and also the Microsoft partner website.
Hello Andy, Congrats! it's a great feature. Just a question please, In order to create (2 ways trust relationship) between both companies should I have to setup the other side with the same configuration?
Thank you for covering this video, love this! I wonder if we have a hybrid Azure AD situation, does on prem tenant trust plays a role here or can it be completely separate just for cloud resource sharing? Is there an impact on GAL?
Hey Andy thank you for the video. I am curious about cross tenant resources that would require licensing, like Dynamics 365. Any info on such a scenario?
To be honest Mike, as this is currently in preview only. There is not much information regarding the licensing situation. However to access resources regarding particular 0365 products one must only assume that users must be licensed on either side of the link. If I find out more details of course, I will pass that on to you. Many thanks and all the best. Andy
Hi @Andy, thank you for this content. I have a question regarding in connecting to Azure SQL Database from PowerApps via AD Authentication and my tenancy in Azure is Guest. When I connect, I am getting a problem: Login failed for user. The server is not currently configured to accept this token. Do you happen to know the resolution of this?
With these settings can a user from another tenant access/sign in to Intune enrolled devices? That as a feature would be very handy for environments where merging tenants would cause too much hassle.
@@AndyMaloneMVP Thanks for the reply. That sucks though, especially if the user has a license in their own tenant. Looks like we are going to have to go the route of merged tenants. Super excited!
Great Video, but I do not know if it works. I want to share SharePoint between two tenants. Following your instructions, will it work? I tried looking up the user account, and no luck. It does not find the other corp ser account.
I have gone through these steps multiple times to ensure that I have everything setup properly but I am still unable to share a calendar from 1 tenant to another. Any help would be GREATLY appreciated.
You can do this within the Exchange admin centre. support.microsoft.com/en-us/office/calendar-sharing-in-microsoft-365-b576ecc3-0945-4d75-85f1-5efafb8a37b4
Hi Andy, is this also an option to administrate a tenant with a user from another tenant? I Saw a video about the MS tenant switcher, but this seems to be only for Partners. I Work as an Administrator for different customers and I´m searching for an easy was to andministrate all the different tenants. At the moment I have a global Admin user for each tenant and i´m using Edge profiles to seperate the tenants. I have my own tenant wich could be used for the external identity in the customers tenant. Is there a way to use the tenant swicther for me?
Hi Andy, thank you for the video, it was really interesting! I am an IT Admin in my Company and we are currently planning a migration from Google to Microsoft. We are a growing franchise system with over 10 locations right now. All of the franchisees will get their own tenant and we are looking for a way to setup the tenants in a way that the collaboration will work flawlessly. I would really like to have a chat with you on how we could accomplish that. Is there any way i could send you a direct message?
Truly I’d love to help but I’m super busy teaching and working in a consulting project. Please forgive me but in this occasion I cannot assist. That’ll keep for reaching out though.
What is the difference between B2B Direct and creating guest accounts and then assigning groups to guest account? I have noticed after registering sister company and sending out invite as you show, it creates a guest accounts and adds the group to that guest account
B2B direct connect pre authorities the user and design to be a time saving feature. Whereas if Nviron go a guest, you have to manually do an invite and assign permissions. Also B2B direct takes advantage if the trust settings which rocks. Remember it’s a preview feature only though 😊
@@AndyMaloneMVP thanks for the answer. I have another question after we send out the invite to the user, is there a way to sync all his contact information from the source AD to ours (where the user appears as guest)?
@@nikolapetrovic565 hmm good question. Honestly, I don’t know. You possibly do a flow in power automate to grab the data. But as the tech is only n beta it’s not entirely finished. If this changes I’ll let you know 👍😀
I have added the tenant id and I have added the guest user but when I login to the guest user portal I don't see the sharepoint sites added as a group member
You probably have to configure both tenants to share resources together. Other than that I’ll put money on that it being a permissions issue. Check again!
Thanks for the question. At the moment, as this is in beta I can’t give you a firm 100% answer. However if you look at the feature you’ll notice that there are government options in there. So one can only assume that more will be added when the product finally goes GA. Other than that it works perfect at the moment for commercial domains. Like I showed in the video you can control how much permission you are willing to receive, Or give. I hope this helps and great to have you on board.
Not ranting at you, ranting at Microsoft. This literally does nothing, it might be great in the future, but right now it is not. Still have to add the user to the group after the invitation, and it is not different than manually inviting a guest.
You know what! On this occasion we are in agreement. Like many of these new features in preview, they are a work in progress. However as an MVP, I've had a glimpse into the future and you know whata/ ait's looking bright :-) Thanks for the comment and I'm delighted to have you onboard.
@@AndyMaloneMVP To give MS some credit, it does help to restrict inbound/outbound access to other Azure AD tenants on a granular basis, as well as specify if MFA or device compliance from the guest tenant will suffice for conditional access, instead of having one set of rules for all tenants. Thank you and I'm looking forward to future videos.
Thank you for this great content! It helps me so much understanding the basic of B2B! Cross Tenant Access. I don't a technical back ground, but I used them to learned and help others. I have a new prospecting requesting B2B. I think this will be a good star. Any suggestions? Thank you for make things simple and easy to understand. Thank you for all you do 🙏 Do you have an Instagram account? I would love to follow you and stay connected with you! Great coach!
Thanks so much. No I don’t do instagram or Twitter. I do have LinkedIn though. In terms of experience check out Learn.Microsoft.com it’s loaded with everything you need 😀
I have liked, subscribed and shared to many ones. I just want spread it. Its a really amazing plateform.
Wouuu.. Really its amazing.
Mind blowing skill and a great explanation with a wonderful content. Thanks a lot for such a amazing effort.
Thank you.. Keep it up. All the best. Ever i landed over a better channel.
Thank you I appreciate it😊
We thank you also for your commitment time and kindness. Always answers to ours queries on Twitter. And to be honest you are a living library
Aw thanks so much for the nice comment. I was on Twitter but not any more. )
@@AndyMaloneMVP oh really. ? I guess it is for the best 😌
So well explained perhaps one of the best in the internet
Oh wow thanks so much
Great video! Exactly what I was looking for.
Hey Andy. Thanks for the video and explanation. However, I feel that during the B2B direct connection settings, the final step you showed of adding the Adatum tenant user to the Contoso tenant group (by inviting them) is actually not right because that then ends up provisioning a Guest user for the Adatum user when they try to access Contoso and that is not the purpose behind B2B direct connect as you explained at the beginning of the video. It should work using the external identity directly as that is what distinguishes it from B2B collaboration.
So this feature should work without inviting or adding those users to some groups or apps in the resource tenant. It should just work without having any knowledge of the external users once both the resource and host tenant have done the necessary inbound/outbound settings. If I am not wrong, the B2B direct connect is limited to only Shared Teams Channels atm (according to MS docs) and that is the reason why it doesn’t work for anything else for now.
I am really looking forward for this feature to work fully as intended since this is a growing requirement for many customers, but at present it is really limited in its scope.
You are correct and thanks for pointing that out. At the time this was recorded I was not aware of all the facts. In fact my next video will address this, Thanks again.
Awesome. Thanks a lot for confirming and I’ll be looking forward for the next video. :)
Excellent video Andy
You’re welcome 👍
Thank you Andy ❤
A Fantastic Teacher!
Thank you kindly 🙏😊
Lovely presentation. Thank you, Andy. =) Just want to provide one clarification from Microsoft. B2B Direct Connect only grants access to Teams and only within specific shared Teams channels. The application settings are Teams applications, not any registered application in your Azure tenant. I really wish B2B DC allowed access to anything in our tenant. It would make our lives so much easier.
Thanks for the explanation and your contribution. This was an early video. Later videos cover it correctly. Thanks again.
Love the energy and whole approach awsome
Thanks Mark I’m delighted to hear that and welcome to my channel 😀🙏👍
Hi Andy. Great content. Love your kind of videos with the top level view. Straight forwarded without the geak level. Thanks
You're welcome and yes thats the idea :-)
Brilliant Andy❤
Great video Andy, very useful info. Thanks for that and thanks for all the work you do on your channel. One topic that would be interesting would be Office 365 migration of users from tenant to tenant (for example company merger), I’ve run into this situation myself and the process is a bit convoluted, so any clarification would be useful.
Great suggestion! I'll see what IO can do :-)
Good one as always!
Thank you
Excited for this!
Awesome thanks :-)
Great video and explanation.
Great video Andy!
Thanks Patrick much appreciated
Simple, yet detailed explanation! Great video indeed. Thank you! This connected my dots. And is there a way to setup sync b/w other cloud provider tenants into Microsoft Entra? Wouldn't that be cool?
Awesome, look at my tenant to tenant video
Hi Andy,
Thank you for your video! This has been very helpful!
I have an use case where two sister companies access eachothers data (different companies, same owners)
So I'm already very happy that we have the guest users out of the system :)
Now the only issue we still have today is the sharing of calendars between the different tenants.
We are able to share a calendar, but it doesn't get updated on the otherside. So in the end, we only have a copy of ones calendar but we can't see when somebody is available of not available after the sharing has been done or one month from now.
Can we tackle this also with Cross Tenant access or will we need federation for it?
For best results. I recommend that you visit and post your question to the Microsoft tech community as this is a support issue. Thanks
So helpful! Thanks so much
My pleasure and thank you very much for the comment.👍😄
awesome, video sir, but i have a question: what to do after inviting the user???
USer accepts and then you can assign apps, permissions to resources, such as Teams :-)
Can this be done without sending notification?
I wonder if I add a security group to teams on the other tenant, is that gonna work too?
I wonder if this tool would become complete enough so tenant to tenant migration is no longer a must.
Good question. If you set this up on both tenants, then in theory you would not need the invite.
Great job Andy. You explain things very well. I was able to successfully implement this in two test tenants and show that it allowed greater access to things like Teams Whiteboards that wasn’t possible before with Guest access. However I wasn’t able to get Exchange mailbox access working between Tenants. Would you expect that to work yet? My license level is quite low, so that may be a factor? But anyhow, great work, you have another subscriber! 😀👍
You are correct. For this you would need to create Exchange transport rules :-)
@@AndyMaloneMVP Hi Andy, I think you may have missed the intent of my question. In my test Tenant A Exchange, I granted Full Mailbox access a user from my test Tenant B. But I wasn't able to login to the mailbox as the Tenant B User. Is this a current limitation of the Cross Tenant access?
@@twidler Not at all I understood your question perfectly. However As this feature is currently in preview it does have a few hiccups at the moment. Including exchange transport rules, which have to be put in place. I would recommend that you check out docs.microsoft.com for the latest support articles and many thanks for your question.
well explained, if I want to automate the steps how can it be done ?
Once it’s setup it’s done. Follow on automation can be done via using Power Automate or PowerShell
Nice, so what if tenant A is where our helpdesk fully resides but we took over another company called tenant B and the helpdesk needs to be able to do Privileged Authentication Administrator work for users in tenant B. Can we set this up in tenant A to allow tenant A helpdesk user to be able to be a Privileged Authentication Administrator admin in tenant B ?
I don’t think we’re fully there yet but getting close. Check out my recent videos and you’ll see what I mean.
Ps have you seen Microsoft Lighthouse if you’re a partner
Thank you so much..!
You’re very welcome
Hi Andy, we are CSP provider and one customer of ours has already a tenant with another CSP. We must create another tenant for commercial reason , but we would like to reassure the user that he will not have to manage two ADs, he will not have to manage security separately but see the two tenants as a single tenant. How can we achieve all this? What are the azure tools to support? Thank you
Have you taken a look at Microsoft Lighthouse. This is a dedicated tool for Microsoft partners that allows for this.
@@AndyMaloneMVP do you think thai with lighthouse customer will can propagate security rules , quotas, monitoring that It already Have in its actual tenant?
@@defsult unfortunately I don’t teach this product so I’m not sure how to answer your question. I will check out dark start microsoft.com for full details and also the Microsoft partner website.
Hello Andy, Congrats! it's a great feature. Just a question please, In order to create (2 ways trust relationship) between both companies should I have to setup the other side with the same configuration?
Yes I believe this would be the solution. Thanks again and all the best.
@@AndyMaloneMVP Thank You!
@@patriklemos420 you’re welcome
Thank you for covering this video, love this! I wonder if we have a hybrid Azure AD situation, does on prem tenant trust plays a role here or can it be completely separate just for cloud resource sharing? Is there an impact on GAL?
It can be separate. You can add a single domain and then add additional connected domains as required.
Hey Andy thank you for the video. I am curious about cross tenant resources that would require licensing, like Dynamics 365. Any info on such a scenario?
To be honest Mike, as this is currently in preview only. There is not much information regarding the licensing situation. However to access resources regarding particular 0365 products one must only assume that users must be licensed on either side of the link. If I find out more details of course, I will pass that on to you. Many thanks and all the best. Andy
@@AndyMaloneMVP Thanks! I appreciate it!
Hi @Andy, thank you for this content. I have a question regarding in connecting to Azure SQL Database from PowerApps via AD Authentication and my tenancy in Azure is Guest.
When I connect, I am getting a problem: Login failed for user. The server is not currently configured to accept this token.
Do you happen to know the resolution of this?
Hmm sounds like a permissions issue to me.
With these settings can a user from another tenant access/sign in to Intune enrolled devices? That as a feature would be very handy for environments where merging tenants would cause too much hassle.
No you would need a licence.
@@AndyMaloneMVP Thanks for the reply. That sucks though, especially if the user has a license in their own tenant. Looks like we are going to have to go the route of merged tenants. Super excited!
Great Video, but I do not know if it works.
I want to share SharePoint between two tenants. Following your instructions, will it work? I tried looking up the user account, and no luck. It does not find the other corp ser account.
Look on my playlist, there’s a more up-to-date version of this video
I have gone through these steps multiple times to ensure that I have everything setup properly but I am still unable to share a calendar from 1 tenant to another. Any help would be GREATLY appreciated.
You can do this within the Exchange admin centre. support.microsoft.com/en-us/office/calendar-sharing-in-microsoft-365-b576ecc3-0945-4d75-85f1-5efafb8a37b4
Hi Andy, is this also an option to administrate a tenant with a user from another tenant? I Saw a video about the MS tenant switcher, but this seems to be only for Partners. I Work as an Administrator for different customers and I´m searching for an easy was to andministrate all the different tenants. At the moment I have a global Admin user for each tenant and i´m using Edge profiles to seperate the tenants. I have my own tenant wich could be used for the external identity in the customers tenant. Is there a way to use the tenant swicther for me?
Are you a Microsoft partner? If so check out Microsoft Lighthouse it allows you to manage multi tenants easily in Microsoft 365, and Microsoft azure
Is it possible to share Azure hosted SMB file shares across different tenants?
Yea
Hi Andy, thank you for the video, it was really interesting! I am an IT Admin in my Company and we are currently planning a migration from Google to Microsoft. We are a growing franchise system with over 10 locations right now. All of the franchisees will get their own tenant and we are looking for a way to setup the tenants in a way that the collaboration will work flawlessly. I would really like to have a chat with you on how we could accomplish that. Is there any way i could send you a direct message?
Truly I’d love to help but I’m super busy teaching and working in a consulting project. Please forgive me but in this occasion I cannot assist. That’ll keep for reaching out though.
What is the difference between B2B Direct and creating guest accounts and then assigning groups to guest account?
I have noticed after registering sister company and sending out invite as you show, it creates a guest accounts and adds the group to that guest account
B2B direct connect pre authorities the user and design to be a time saving feature. Whereas if Nviron go a guest, you have to manually do an invite and assign permissions. Also B2B direct takes advantage if the trust settings which rocks. Remember it’s a preview feature only though 😊
@@AndyMaloneMVP thanks for the answer. I have another question after we send out the invite to the user, is there a way to sync all his contact information from the source AD to ours (where the user appears as guest)?
@@nikolapetrovic565 hmm good question. Honestly, I don’t know. You possibly do a flow in power automate to grab the data. But as the tech is only n beta it’s not entirely finished. If this changes I’ll let you know 👍😀
I have added the tenant id and I have added the guest user but when I login to the guest user portal I don't see the sharepoint sites added as a group member
You probably have to configure both tenants to share resources together. Other than that I’ll put money on that it being a permissions issue. Check again!
Hi Andy, would this work from AD GCC/GCC High or DoD (Azure Government) to a commercial AD Tenant (Azure AD)?
Thanks for the question. At the moment, as this is in beta I can’t give you a firm 100% answer. However if you look at the feature you’ll notice that there are government options in there. So one can only assume that more will be added when the product finally goes GA. Other than that it works perfect at the moment for commercial domains. Like I showed in the video you can control how much permission you are willing to receive, Or give. I hope this helps and great to have you on board.
@@AndyMaloneMVP Thank you Andy, will need to have a work session with Microsoft and our Gov counterpart.
Not ranting at you, ranting at Microsoft. This literally does nothing, it might be great in the future, but right now it is not. Still have to add the user to the group after the invitation, and it is not different than manually inviting a guest.
You know what! On this occasion we are in agreement. Like many of these new features in preview, they are a work in progress. However as an MVP, I've had a glimpse into the future and you know whata/ ait's looking bright :-) Thanks for the comment and I'm delighted to have you onboard.
@@AndyMaloneMVP To give MS some credit, it does help to restrict inbound/outbound access to other Azure AD tenants on a granular basis, as well as specify if MFA or device compliance from the guest tenant will suffice for conditional access, instead of having one set of rules for all tenants. Thank you and I'm looking forward to future videos.
@@lenniscata You’re very welcome and thanks for the great comments.
Would be nice if it worked.
It works perfectly 😊
Been alot better had you shown it working as intended not just the settings..
There’s a newer version of this video that does
ruclips.net/video/GI279H1Je_M/видео.html
Thank you for this great content! It helps me so much understanding the basic of B2B! Cross Tenant Access. I don't a technical back ground, but I used them to learned and help others. I have a new prospecting requesting B2B. I think this will be a good star. Any suggestions? Thank you for make things simple and easy to understand. Thank you for all you do 🙏 Do you have an Instagram account? I would love to follow you and stay connected with you! Great coach!
Thanks so much. No I don’t do instagram or Twitter. I do have LinkedIn though. In terms of experience check out Learn.Microsoft.com it’s loaded with everything you need 😀