Great tool, I implemented b2b collaboration a while ago for 3 companies using the same building so they could book conference / meeting rooms and utilise the meeting room resources
One other thing to mention is if you already had a "Guest" account created in the other tenant before you turned on the multi-tenant mode, then by default that account was created as a "Guest" account, and it will not by default change to a "Member" account. You can either do that manually by editing the attribute in the receiving tenant, or if you go into the Cross tenant sync>>>Open the configuration>>>>select Provisioning>>>Mappings>>>Click provision Azure active directory Users>>>Scroll to the bottom for user type (It will be "Member" by default), click on it and then at the bottom change the "Apply this mapping" from only during object creation to Always. Then next sync it will update them all from guest to member.
@Fangel090 what is the business use case/scenario that you would want to switch all guest accounts over to member accounts? Also @AndyMaloneMVP, is there any viable way to know what functionalities have been added or updated by Microsoft? I'm still trying to find more updated information on how GCCH tenants are impacted, and if guest accounts have been impacted or improved by any more recent changes. A lot of information out there even on Tech Community is from 2020-2021, which in some respects is outdated information now.
@@DKTD23 By default the new multi-tenant creates the accounts it syncs as members vs a Guest so I was just pointing it out. But there are some advantages to this in terms of how things work in Sharepoint for collaboration, but it also caused some issues in Teams that MS hasn't yet worked out, so we had to force the sync to change everyone to guests to get teams to work ok. Still a lot of bugs with multi-tenant to work out on the MS side as it should make life very easy for synced tenants, but thats still not the case.
@Fangel090 what issues with Teams occurred? And why did the collab finction work better in guest mode vs members? If that was commercial to commercial then certainly commercial to gcch or gcch to commercial will likely pose the same issues
Thanks, would be nice to see cross tenant collab be a little more seamless. We have our users use the external ID when adding users to groups and chats in teams, otherwise they add the synced ID and teams never notifies you unless you log in with that ID.
Thanks Andy. I am presuming this would be great for companies that operate under the same umbrella but want to maintain their individual company identity?
Does Trust Establishment between Office 365 Tanners happen ? For example, we want to be able to see and authorize users of all companies in applications such as sharepoint and planner.
Thanks for the video. I've watched multiple videos on this and can't find and answer if licenses come with you from your parent tenant. Example - power apps, project, power bi, etc. Or do you have to duplicate license in the secondary tenant.
Thanks for the video, really helpful. I have just set up a multi tenant collaboration and synced the users. I've also followed the instructions about Tenant restrictions. I am having an issue with Microsoft Forms though. I have a form in the Parent Tenant (A), which is set so that "Only people in A can respond" (as I don't really want to make it open access). I'd hoped that would extend acces to the form to the external users in A that are being synced in from the Child Tenant (B), but users from B can't access the Form via the URL. All users are appropriately licenced in their "home" tenants (and it seems you can no apply licences to the EXT accounts). Have I missed something, or maybe cross tenant collaboration doesn't work for Forms yet?
As an MSSP, we need to access all of our customers' environments within our tenant, but we do not want our customers to have access to our tenant. Can we achieve this using Multitenant Collaboration?
Great Video. Easy to follow. I have a question though, is there an easy way to un-share a user. When I click on share, then the cross on the user I cannot save. When I go into cross-tenant sync, u sers and groups I can remove assignment for the user. But they remain in the other tenants AD Still
Thanks for the videos and helpful guidance Andy! Question for you on collaboration and specifically for sending messages and making calls in MS Teams to people on other tenants that are part of the multi-tenant synch process. I have this setup and i can locate people from the neighboring tenants. However, when I try to send a message in Teams to someone on an external tenant, it sends normal, but is never received. As for Teams calling, the calls start ringing and then show they are automatically getting forwarded to voicemail. I did test a message/call between two users in the same tenant and that worked fine. Is there an additional setting/config that needs to be enabled for multi-tenant messages/calls ?
Hmm could be either a licensing or permissions issue. Check external settings in teams, also guest tenant permissions. You e actually given me an idea for another video 👍
I need to allow users from one tenant to see calendar free/busy calendar from both org, see global address lists, chat and send files on teams chat (individual or group) and also to user resource rooms in exchange and book it. It will work only with this integration ? Thanks One of the tenants only has Microsoft 365 business standard licence, should I buy an extra licence to can have entra p1? Thanks
Love the video, do I need to assign license to the external user in the parent tenant ? External User has an existing M365 license on the child tenant(home tenant)
If you share users and groups, do you also get to share hardware within each tenant, eg printers? Might be a security risk, printing docs, but can you do this and then determine granularities regarding printing docs deemed/ marked as non-sensitive in Outlook? How would the policies work for sending emails? And what about firewalls? Do any of the tenants firewalls take precedence?
Hi Andy, Thanks for this helpful video i have a couple of questions as I've been asked to look at setting this up and finding a lot of the information on the web a little contradictory. In our example we have 7 Microsoft 365 Tenants which are child companies of a lager PLC. They want to use this to share resources like SharePoint and also use with teams. 1 - Assuming i set up all tenants into the organization will each org get the "shared" users from each other the other 6? Is it possible or does it need extra config. A lot of the content i looked at on cross tenant sync suggested it was one way which sounded like each tenant would need 6 links in and out to others. 2 - Is any special Licensing required? The parent company currently has Business Premium all round which i think includes Entra P1 - Guests currently mostly business Premium - Would the guests need higher licenses on their own tenant and a license on the destination (parent company tenant) - Initially its teams and sharepoint. Hope that makes sense.
Is this possible with Exchange? If there is a shared mailbox that both tenants need access to, can you add members of both tenants to the same shared mailbox?
between two tenants, T1 and T2, is being labeled as "external." In Microsoft teams, "external" typically indicates communication outside of the immediate organizational or tenant boundary. how we will fix
Are you/ have you done a video on MFA Server deprecation? 14:21 into the video, says you need to migrate to Azure AD-MFA before Sept '24 to avoid any service impact
You also need to have "Targeted release" enabled in every tenant that wants to use this feature currently along with the P1 or P2 license as mentioned above. @davac002 @@AndyMaloneMVP
Hi Andy, Thanks for the excellent video, I have one doubt for the B2B licensing. The synced user is a member of B2B tenant(destination), if the user wants to access some power apps mean will the source tenant licenses is enough or again, we need to assign one more license in B2B tenant(destination)?
In the 11:11 mark, when you want to save after you've shared users to the other tenant, you get a message saying "Are you sure you want to save... This change will overwrite any previous configurations settings in Azure Active Directory" - what does that exactly mean? Pretty scary popup... Also, how do I remove the group I shared, if I regret it?
If i have premium apps in my account and would like to help another company. Would my licence stay or will the other company owner need to buy me all the licences? If they need to buy all licence again i don't see a big use case for me.
If you’re talking about assisting them via admin tools, may I recommend that you install Microsoft Lighthouse. In this application you can manage all of your tenants.
Thank you for the video! Do you know if Multi Tenant Collaboration allows access to calendars via Scheduling Assistant across tenants? What about Sharepoint access across tenants?
@@noahpeltier This won't interfere with AAD Sync. The Multi Tenant Collaboration basically sets up another sync between the source and destination tenant. Has nothing to do with your onprem to MS365 AADSync.
Hi Andy! My name is Fer Peláez. I've sent you a note on LinkedIn to inquire about a Microsoft consulting for my business. I would love to chat with you if possible. Thanks!
Hi yes I did receive your message. Unfortunately I had an appointment today. I’m afraid I’m unable to take on this work due to my heavy workload at the moment. I do wish you all the best though and if I may suggest visit Microsoft.com/MVP and you might be able to locate an MVP or a Microsoft partner close to where you live. This may be more appropriate. I wish you all the best and good luck, Andy
Thank you for keeping all admins updated! ✌🏼
My pleasure!
Great tool, I implemented b2b collaboration a while ago for 3 companies using the same building so they could book conference / meeting rooms and utilise the meeting room resources
Hello. Late question, but how did you configure that?
Brilliant! Easy to follow with a pleasant voice and cadence. You're excellent! Thank you! Cheers!
Hi Andy,
Thank you for the content shared. Our team is preparing for the MTO & Cross-tenant sync.Your video is very helpful. Thank you again.
I really like the way you teach and present stuff, keep going & love from Switzerland
From your great Fan! Thanks for all you do for the MS community, Andy
Thank you too!
One other thing to mention is if you already had a "Guest" account created in the other tenant before you turned on the multi-tenant mode, then by default that account was created as a "Guest" account, and it will not by default change to a "Member" account. You can either do that manually by editing the attribute in the receiving tenant, or if you go into the Cross tenant sync>>>Open the configuration>>>>select Provisioning>>>Mappings>>>Click provision Azure active directory Users>>>Scroll to the bottom for user type (It will be "Member" by default), click on it and then at the bottom change the "Apply this mapping" from only during object creation to Always. Then next sync it will update them all from guest to member.
Great comments thanks 👍
@Fangel090 what is the business use case/scenario that you would want to switch all guest accounts over to member accounts?
Also @AndyMaloneMVP, is there any viable way to know what functionalities have been added or updated by Microsoft? I'm still trying to find more updated information on how GCCH tenants are impacted, and if guest accounts have been impacted or improved by any more recent changes. A lot of information out there even on Tech Community is from 2020-2021, which in some respects is outdated information now.
@@DKTD23 By default the new multi-tenant creates the accounts it syncs as members vs a Guest so I was just pointing it out. But there are some advantages to this in terms of how things work in Sharepoint for collaboration, but it also caused some issues in Teams that MS hasn't yet worked out, so we had to force the sync to change everyone to guests to get teams to work ok. Still a lot of bugs with multi-tenant to work out on the MS side as it should make life very easy for synced tenants, but thats still not the case.
@Fangel090 what issues with Teams occurred? And why did the collab finction work better in guest mode vs members? If that was commercial to commercial then certainly commercial to gcch or gcch to commercial will likely pose the same issues
Awesome video! CTS hopefully can let organizations interact seamlessly.
You're the best!
Thank you Andy :)
My pleasure!
Thanks, would be nice to see cross tenant collab be a little more seamless.
We have our users use the external ID when adding users to groups and chats in teams, otherwise they add the synced ID and teams never notifies you unless you log in with that ID.
awesome :-)
Great. Thanks Andy.
For the Calendar and contact sharing does all the users need Entra P1 license or only one for the tenant. Please advise
Users licensed in 1 tenant can now carry those licenses into the second. Min P1 requried.
Thanks Andy. I am presuming this would be great for companies that operate under the same umbrella but want to maintain their individual company identity?
Absolutely
Love your work andy
Thanks👍
Does Trust Establishment between Office 365 Tanners happen ?
For example, we want to be able to see and authorize users of all companies in applications such as sharepoint and planner.
It's called Multi Tenant Collaboration. Check out learn.microsoft.com
Thanks for the video. I've watched multiple videos on this and can't find and answer if licenses come with you from your parent tenant. Example - power apps, project, power bi, etc. Or do you have to duplicate license in the secondary tenant.
A new feature will allow licences users from one tenant to work in another. watch this space soon 👍
@@AndyMaloneMVP Your reply is much appreciated!!
Thanks for the video, really helpful. I have just set up a multi tenant collaboration and synced the users. I've also followed the instructions about Tenant restrictions. I am having an issue with Microsoft Forms though. I have a form in the Parent Tenant (A), which is set so that "Only people in A can respond" (as I don't really want to make it open access). I'd hoped that would extend acces to the form to the external users in A that are being synced in from the Child Tenant (B), but users from B can't access the Form via the URL. All users are appropriately licenced in their "home" tenants (and it seems you can no apply licences to the EXT accounts). Have I missed something, or maybe cross tenant collaboration doesn't work for Forms yet?
Hmm not sure sorry. Try posting on the Microsoft tech Community.
As an MSSP, we need to access all of our customers' environments within our tenant, but we do not want our customers to have access to our tenant. Can we achieve this using Multitenant Collaboration?
I would use Microsoft Lighthouse. Free 👍
Great Video. Easy to follow.
I have a question though, is there an easy way to un-share a user.
When I click on share, then the cross on the user I cannot save.
When I go into cross-tenant sync, u sers and groups I can remove assignment for the user. But they remain in the other tenants AD Still
Check licence
Thanks for the videos and helpful guidance Andy! Question for you on collaboration and specifically for sending messages and making calls in MS Teams to people on other tenants that are part of the multi-tenant synch process. I have this setup and i can locate people from the neighboring tenants. However, when I try to send a message in Teams to someone on an external tenant, it sends normal, but is never received.
As for Teams calling, the calls start ringing and then show they are automatically getting forwarded to voicemail. I did test a message/call between two users in the same tenant and that worked fine.
Is there an additional setting/config that needs to be enabled for multi-tenant messages/calls ?
Hmm could be either a licensing or permissions issue. Check external settings in teams, also guest tenant permissions. You e actually given me an idea for another video 👍
Confirming that the sync is only one way from Adatum to Contoso? Can it be synced both way or not necessary since Contoso is the host tenant?
As I said in the video one is the primary the rest are secondary
Thanks Andy for this excellent video. Can an external users be granted an email address?
No they need an outlook licence
Thanks Andy, can we use multiple ad connect servers to sync same directories to the separate Tenants
The cloud sync tool is great for this but only support Password Hash Sync
I need to allow users from one tenant to see calendar free/busy calendar from both org, see global address lists, chat and send files on teams chat (individual or group) and also to user resource rooms in exchange and book it. It will work only with this integration ?
Thanks
One of the tenants only has Microsoft 365 business standard licence, should I buy an extra licence to can have entra p1?
Thanks
learn.microsoft.com/en-us/microsoft-365/admin/manage/share-calendars-with-external-users?view=o365-worldwide
Does Microsoft's B2B pricing apply to this setup since the users are synced in as members and not guests?
Is this is currently in public preview, no pricing information has been published yet. Hopefully it won’t be too long.
Would you know why I cannot see Multitenant collaboration (preview) in Settings > Org settings > Organization profile tab?
You must have a business edition, not enterprise.
@@AndyMaloneMVP I have M365 Apps for companies. I guess it is the same case like Enterprise edition, right?
@@AndyMaloneMVP aha, I did not have Entra ID P1 license that is required
Love the video, do I need to assign license to the external user in the parent tenant ? External User has an existing M365 license on the child tenant(home tenant)
This is currently in debate at the moment. Yes is the answer but this may change soon.
Hi , very good demo. however how is this different from contact
It creates a guest account n Entra ID. Contacts do not
If you share users and groups, do you also get to share hardware within each tenant, eg printers? Might be a security risk, printing docs, but can you do this and then determine granularities regarding printing docs deemed/ marked as non-sensitive in Outlook? How would the policies work for sending emails? And what about firewalls? Do any of the tenants firewalls take precedence?
Hmm not sure I’ve not tried it yet
Hi Andy, Thanks for this helpful video i have a couple of questions as I've been asked to look at setting this up and finding a lot of the information on the web a little contradictory.
In our example we have 7 Microsoft 365 Tenants which are child companies of a lager PLC. They want to use this to share resources like SharePoint and also use with teams.
1 - Assuming i set up all tenants into the organization will each org get the "shared" users from each other the other 6? Is it possible or does it need extra config. A lot of the content i looked at on cross tenant sync suggested it was one way which sounded like each tenant would need 6 links in and out to others.
2 - Is any special Licensing required? The parent company currently has Business Premium all round which i think includes Entra P1 - Guests currently mostly business Premium - Would the guests need higher licenses on their own tenant and a license on the destination (parent company tenant) - Initially its teams and sharepoint.
Hope that makes sense.
The feature only supports 5 connections at the moment. Please contact Microsoft support. They may be able to extend for your 7 tenants
@@AndyMaloneMVP thanks
Is this possible with Exchange? If there is a shared mailbox that both tenants need access to, can you add members of both tenants to the same shared mailbox?
Yes
between two tenants, T1 and T2, is being labeled as "external." In Microsoft teams, "external" typically indicates communication outside of the immediate organizational or tenant boundary. how we will fix
Hi Andy. I have the same question as above. Is there a way to suppress a user from being labeled as "External" when doing multi=tenant collaboration?
Yes, same here!
Are you/ have you done a video on MFA Server deprecation? 14:21 into the video, says you need to migrate to Azure AD-MFA before Sept '24 to avoid any service impact
Would love to see something on this
No I have not sorry.
Are there any requirements for the multi-tennant setting to show under organization profile? Dont seem to have that setting for our tennancy.
It's in preview at the moment, but generally you'd need a P1 or P2 licence.
You also need to have "Targeted release" enabled in every tenant that wants to use this feature currently along with the P1 or P2 license as mentioned above. @davac002 @@AndyMaloneMVP
@@AndyMaloneMVP , so obviously no way for multi-tenancy in M365 Basic and Standard
@@serhiiparshyn7882 correct, although you can manage multiple tenants in Microsoft Lighthouse
Hi Andy,
Thanks for the excellent video, I have one doubt for the B2B licensing.
The synced user is a member of B2B tenant(destination), if the user wants to access some power apps mean will the source tenant licenses is enough or again, we need to assign one more license in B2B tenant(destination)?
Gosh I honestly don't know that one! I'd contact MS for this.
Thanks @@AndyMaloneMVP
We've had to add a licence to the B2B guest to get things like Viva/Yammer working.
@@liam2161 Ah there you go. You m delighted you’ve got it working. 👍
Is this approach suitable for B2B scenarios or a SaaS application for enterprises?
I do t see why not
In the 11:11 mark, when you want to save after you've shared users to the other tenant, you get a message saying "Are you sure you want to save... This change will overwrite any previous configurations settings in Azure Active Directory" - what does that exactly mean? Pretty scary popup...
Also, how do I remove the group I shared, if I regret it?
Cross tenant aync
@@AndyMaloneMVP ah so it will remove the current cross tenant sync config?
Is cross tenant collaboration available in Microsoft Office 365 Basic Plan?
No I’m afraid not
Awesome 🎉
If i have premium apps in my account and would like to help another company. Would my licence stay or will the other company owner need to buy me all the licences? If they need to buy all licence again i don't see a big use case for me.
If you’re talking about assisting them via admin tools, may I recommend that you install Microsoft Lighthouse. In this application you can manage all of your tenants.
Would synchronized users appear in my global address list in Exchange?
Yes as contacts
@@AndyMaloneMVP Love it, thank you!
Thank you for the video! Do you know if Multi Tenant Collaboration allows access to calendars via Scheduling Assistant across tenants? What about Sharepoint access across tenants?
Yes, you can use SharePoint across multiple tenants
How does this work with users that we sync from On-prem using Azure AD Sync?
It’s independent
@@AndyMaloneMVP so by that do you mean that we won’t be able to sync uses from our tenant to another one because they are on-prem synced?
@@noahpeltier Asking the same question
@@noahpeltier This won't interfere with AAD Sync. The Multi Tenant Collaboration basically sets up another sync between the source and destination tenant. Has nothing to do with your onprem to MS365 AADSync.
Nice video but I still find this complex and worry about inadvertently opening up a security hole.
Plan carefully I think
Hi Andy! My name is Fer Peláez. I've sent you a note on LinkedIn to inquire about a Microsoft consulting for my business. I would love to chat with you if possible. Thanks!
Hi yes I did receive your message. Unfortunately I had an appointment today. I’m afraid I’m unable to take on this work due to my heavy workload at the moment. I do wish you all the best though and if I may suggest visit Microsoft.com/MVP and you might be able to locate an MVP or a Microsoft partner close to where you live. This may be more appropriate. I wish you all the best and good luck, Andy
No problem. Thanks, @@AndyMaloneMVP !