Overview of Microsoft 365 Multi-Tenant Organizations (Preview)


Microsoft now offers multi-tenant organizations, a new Entra ID solution that’s available in Preview.

The multitenant organization capability is designed for organizations that own multiple Microsoft Entra tenants and want to streamline intra-organization cross-tenant collaboration in Microsoft 365. It’s built on the premise of reciprocal provisioning of B2B member users across multitenant organization tenants.

Collaboration in Microsoft 365 is built on the premise of reciprocal provisioning of B2B identities across multitenant organization tenants.

Members Not Guests

When Entra ID synchronizes accounts from a source tenant to a target tenant, it creates the entries in the target tenant as member accounts, not guest accounts. If you examine the properties of a synchronized account, you can see that the user principal name looks like a guest account but the user type is the same as a regular user account.
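The distinction above can be checked in an exported user list. The following is an added example, not code from the original post: it separates synchronized B2B members from guests and native members and counts them per home domain. It assumes records carrying the Microsoft Graph properties userPrincipalName and userType, and the guest-style UPN form name_domain#EXT#@tenant.onmicrosoft.com, which the post does not spell out; all sample records are constructed.

```python
from collections import Counter

EXT_MARKER = "#EXT#"  # marker found in guest-style user principal names

# Constructed sample records (not from a real tenant).
SAMPLE_USERS = [
    {"userPrincipalName": "ana@contoso.example", "userType": "Member"},
    {"userPrincipalName": "li_fabrikam.example#EXT#@contoso.onmicrosoft.com",
     "userType": "Member"},
    {"userPrincipalName": "sam_partner.example#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest"},
    {"userPrincipalName": "j_doe_fabrikam.example#EXT#@contoso.onmicrosoft.com",
     "userType": "Member"},
]


def home_domain(upn):
    """Return the home domain encoded in a guest-style UPN, or None."""
    local, sep, _ = upn.partition(EXT_MARKER)
    if not sep or "_" not in local:
        return None
    # The original '@' was replaced by '_'; the domain follows the last '_'.
    return local.rsplit("_", 1)[1].lower()


def classify(user):
    """Label a record as b2b_member, guest, native_member or unknown."""
    upn = user.get("userPrincipalName") or ""
    user_type = (user.get("userType") or "").lower()
    if EXT_MARKER in upn and user_type == "member":
        return "b2b_member"  # guest-looking UPN, member-level user type
    if user_type == "guest":
        return "guest"
    if user_type == "member":
        return "native_member"
    return "unknown"


def b2b_members_by_home_domain(users):
    """Count guest-style accounts that hold the Member user type, per home domain."""
    counts = Counter()
    for user in users:
        if classify(user) == "b2b_member":
            counts[home_domain(user["userPrincipalName"]) or "unparsed"] += 1
    return dict(counts)


if __name__ == "__main__":
    for user in SAMPLE_USERS:
        print(classify(user), user["userPrincipalName"])
    print(b2b_members_by_home_domain(SAMPLE_USERS))
```

A home domain that appears in this count but is not one of the tenants in the multitenant organization is worth reviewing, since those accounts carry the Member user type rather than Guest.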

Side-by-side multitasking and cross-tenant notifications

With the new Teams client, users can now work across multiple tenants and accounts in side-by-side windows. They can join a meeting or collaborate in a channel hosted in another tenant, and simultaneously compose chat messages in their own tenant. Users can receive cross-tenant notifications for all accounts and tenants added to the Teams client, no matter which one is currently in focus.

Limitations for multitenant organizations in Microsoft 365 preview

The following are limitations of the multitenant organizations in Microsoft 365 preview:

  • A maximum of five tenants in the multitenant organization is supported.
  • A maximum of 100,000 users per tenant is supported.
  • Teams on the web, Microsoft Teams Rooms (MTR), and VDI/AVD aren’t supported.
  • The ability to grant or revoke permission to receive notifications from other tenants and to switch between tenants isn’t supported on mobile.
  • People in your organization links may not work for users from another tenant if their account had originally been a guest and they had previously accessed SharePoint resources.
  • It might take up to seven days for a user to appear in search once they’ve been synchronized. Contact Microsoft support if users aren’t searchable after seven days.
  • Support for a guest UserType of member in Power BI is currently in preview. For more information, see Distribute Power BI content to external guest users with Microsoft Entra B2B.

If you want to add more than five tenants or 100,000 users per tenant, contact Microsoft support.

Cross-tenant synchronization in Microsoft Teams:

  • Cross-tenant synchronization is a one-way process. This means that users from the source tenant are synchronized to the target tenant, but not the other way around.
  • Synchronized users have their own account in the target tenant. This means that they have their own profile, mailbox, and Teams chat history.
  • Synchronized users can access Teams in the target tenant. They can chat with other users, join teams, and participate in meetings.
  • Synchronized users cannot access other Microsoft 365 services in the target tenant. This is because they are not considered to be full members of the target tenant.

The basic issue here is that the original cross-tenant synchronization mechanism wasn’t tailored to support Microsoft 365 apps. The MTO (Multi-Tenant Organization) is explicitly engineered to support Microsoft 365, so it appears (from initial tests) that the user objects synchronized to another tenant a) appear in the GAL and b) are routable because their SMTP mail address is valid.

In the next post we will go deeper into how to configure MTO step by step. Stay tuned for more goodies …

Next-generation AI to work, introducing to you Microsoft 365 Copilot…


Copilot is integrated into Microsoft 365 in two ways. It works alongside you, embedded in the Microsoft 365 apps you use every day like Word, Excel, PowerPoint, Outlook, Teams, and more, to unleash creativity, unlock productivity, and uplevel skills. Microsoft is also announcing an entirely new experience: Business Chat. Business Chat works across the LLM, the Microsoft 365 apps, and your data (your calendar, emails, chats, documents, meetings, and contacts) to do things you’ve never been able to do before. You can give it natural language prompts like “tell my team how we updated the product strategy” and it will generate a status update based on the morning’s meetings, emails, and chat threads.

Recent GitHub data shows that among developers who have used GitHub Copilot, 88 percent say they are more productive, 77 percent say the tool helps them spend less time searching for information, and 74 percent say they can focus their efforts on more satisfying work.

Copilot will only query accessible data based on the controls you set up in your organization. If your organization already has the right information, access controls, and policies set up, then you’re already a step ahead!

Permissions within your Microsoft 365 tenant prevent data leakage among users, groups, and tenants. Microsoft 365 Copilot uses your existing permissions and policies to deliver the most relevant data, so establishing good content management practices from the start is important.

Be Copilot ready

Before you can access Copilot for Microsoft 365, you must meet the following requirements:

  • Licensing. Microsoft 365 E3 or E5 are licensing prerequisites (for SMB customers, Microsoft 365 Business Standard or Business Premium will be eligible base licenses).
  • Microsoft Entra ID. A Microsoft Entra ID-based account is required.
  • OneDrive account. You need to have a OneDrive account for several features within Copilot, such as saving and sharing your files. Deploy a OneDrive account.
  • New Outlook (for Windows and Mac). For seamless integration of Copilot with Outlook, you’re required to use the new Outlook (for Windows and Mac), currently in preview. You can switch to the new Outlook by selecting “Try the new Outlook” in your existing Outlook client. For more information, see Getting started with the new Outlook for Windows.
  • Microsoft Teams. To use Copilot with Microsoft Teams, you must use the Teams desktop client or web client. Both current and new versions of Teams are supported. Mobile-only users have limited functionality.
  • Microsoft Loop. To use Copilot in Microsoft Loop, you must have Loop enabled for your tenant. For more information on enabling Loop, see Get started with Microsoft Loop.

Protect your Copilot for Microsoft 365 data with Microsoft 365 security tools

Microsoft recommends the “just enough access” approach to addressing this situation. In this approach, each user can access only the specific information required for their job. This approach entails tightly controlling permissions so users can’t access documents, sites, or data they shouldn’t see.

Microsoft tools for securing data

Microsoft 365, Copilot for Microsoft 365, and connected services all use the policies and settings that administrators define to tighten permissions and implement “just enough access.” They do so through plugins and Microsoft Graph connectors to prevent data oversharing. The following list provides a brief summary of some of the tools that administrators can use to define these policies and settings:

  • Microsoft Purview Information Protection. Classify and optionally encrypt documents and emails based on sensitivity. You can create policies to restrict access to only authorized users.
  • Microsoft Purview sensitivity labels. Classify and label SharePoint sites, documents, and emails with sensitivity tags like “Confidential” or “Internal use only.” You can create policies to limit access to assets with specific sensitivity tags.
  • Microsoft Entra conditional access policies. Grant or restrict access to Microsoft 365 information and services, including SharePoint, based on conditions like user location, device, or network. These policies are useful for limiting access when the system detects risks or user credentials become compromised.
  • Microsoft Entra Privileged Identity Management (PIM). Provide just-in-time admin access, enforce the principle of least privilege, and limit permanent standing privileges by only granting a user the permissions they need when needed.
  • SharePoint site access reviews. Require and automate access reviews of site owners, members, and access requests, to revoke permissions that users don’t need or no longer require. Access reviews ensure users only retain the access they need for their role.
  • Microsoft Graph connectors and plugins. Limit access to connected external data using Microsoft Graph connectors or plugins.

There are 18 Microsoft 365 Copilot versions; we will go deeper into them later in this series. To be continued, stay tuned.