
What is Cross-Tenant Synchronization | MS-700 Certification

In today’s digital world, collaboration within and outside the organization has become essential. Collaboration tools like MS Teams make it effective, and third parties can access our organization’s resources through Microsoft Teams with some restrictions. The difficulty arises when a user in one of these firms needs to access resources in the other firm’s tenant.

This challenge was traditionally addressed with Azure B2B, which allowed users to be invited manually across tenant borders and assigned access to the required resources. Yet a common demand emerged: to automate this process, so that users could collaborate seamlessly while their data stayed synchronized. In essence, changes such as an update to a user’s name or department should propagate across all the collaborating tenants.

This is where cross-tenant synchronization comes into play. This feature keeps users’ data in sync across tenants, and if a user leaves a company, their accounts are removed from the other tenants in the Azure directory. To learn more about cross-tenant synchronization in Teams, you can take the Microsoft Teams MS-700 Certification.

Let’s dive in to know more!

What is Cross Tenant Synchronization in MS Teams?

As the name implies, cross-tenant synchronization is an option that exists in Azure AD and falls under Microsoft 365 Applications. Its main purpose is to keep multiple tenants synchronized in a flexible manner.

By automating the work, cross-tenant synchronization in MS Teams can reduce the likelihood of security and administrative errors that arise when managing multiple tenants. It lets users access resources and content across tenants flexibly without affecting any development process.

Cross-tenant synchronization offers a seamless way to automatically generate user accounts across multiple tenants within your organization. These users, created through the synchronization process, continue to authenticate just as they would on their primary tenant. Additionally, each application can apply conditional access policies designed for specific needs.


This means that users throughout your organization gain the ability to access applications regardless of which tenant hosts them. This extends not only to Microsoft applications but also to third-party solutions like ServiceNow, Adobe, and an extensive array of SaaS apps.

Behind the scenes, the synchronization process is transparent to the end user. It gives you the full functionality of Azure AD B2B, integrated with Azure AD’s security and governance capabilities. Features such as conditional access, cross-tenant access settings, and entitlement management are integrated as well, to achieve a comprehensive and secure user experience across tenants.

How to enable the Cross-tenant synchronization option in MS Teams?

To initiate cross-tenant synchronization between tenants A and B, you must get the tenant ID of the company (Azure AD tenant) you intend to collaborate with – let’s say, for instance, Company X.

Next, within Company Y’s Azure Portal, navigate to Azure Active Directory and locate the section labeled “External Identities.” From there, proceed to “Cross-tenant access settings.” Here, you’ll find an option to “Add organization.” Insert the tenant ID corresponding to Company X into this field.

After connecting Company X and Company Y’s systems for cross-tenant collaboration, you can set some rules to make everything work smoothly.

  • Inbound Rules: If you’re in Company Y’s system and you want people from Company X to access your stuff, you can allow that. It’s like saying, “Company X, you can come in and see our things.”
  • Trust Settings: You can also make it easier for people from Company X by turning off some extra steps they usually need to do when accessing your stuff. It’s like giving them a “shortcut.”
  • Outbound Rules: Now, in Company X’s system, you also need to make things smooth for people from Company Y who want to access your stuff. You can create some rules here too.

Once you finish these steps, you’ll have a simple and smooth way for both companies to work together using each other’s resources.
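Before relying on these rules, it helps to review what the partner entry actually permits. The following is an added example, not code from the original article or from Microsoft: it checks one partner configuration for inbound sync, trust settings, and unscoped inbound access. The JSON is constructed sample data that follows the property names of the Microsoft Graph cross-tenant access policy partner resource, with `identitySynchronization` inlined as an assumption; `review_partner` is a hypothetical helper name.

```python
import json

# Constructed sample: one partner entry, Graph-style property names, with
# identitySynchronization inlined into the same object (assumption).
PARTNER_JSON = """
{
  "tenantId": "00000000-0000-0000-0000-000000000001",
  "inboundTrust": {"isMfaAccepted": true, "isCompliantDeviceAccepted": false,
                   "isHybridAzureADJoinedDeviceAccepted": false},
  "automaticUserConsentSettings": {"inboundAllowed": true, "outboundAllowed": null},
  "b2bCollaborationInbound": {
    "usersAndGroups": {"accessType": "allowed",
                       "targets": [{"target": "AllUsers", "targetType": "user"}]},
    "applications": {"accessType": "allowed",
                     "targets": [{"target": "AllApplications", "targetType": "application"}]}
  },
  "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": true}}
}
"""

def review_partner(partner):
    """Return (setting, note) findings for one partner configuration."""
    findings = []
    sync = (partner.get("identitySynchronization") or {}).get("userSyncInbound") or {}
    if sync.get("isSyncAllowed"):
        findings.append(("userSyncInbound", "partner may provision users into this tenant"))
    consent = partner.get("automaticUserConsentSettings") or {}
    if consent.get("inboundAllowed"):
        findings.append(("automaticRedemption", "consent prompt suppressed for partner users"))
    trust = partner.get("inboundTrust") or {}
    for claim in ("isMfaAccepted", "isCompliantDeviceAccepted",
                  "isHybridAzureADJoinedDeviceAccepted"):
        if trust.get(claim):
            findings.append((claim, "claim from the partner tenant is trusted as-is"))
    inbound = partner.get("b2bCollaborationInbound") or {}
    for scope, wildcard in (("usersAndGroups", "AllUsers"),
                            ("applications", "AllApplications")):
        rule = inbound.get(scope) or {}
        targets = {t.get("target") for t in rule.get("targets") or []}
        if rule.get("accessType") == "allowed" and wildcard in targets:
            findings.append((f"inbound.{scope}", f"{wildcard} allowed; scope to named targets"))
    return findings

if __name__ == "__main__":
    for setting, note in review_partner(json.loads(PARTNER_JSON)):
        print(f"{setting}: {note}")
```

Each finding is a setting to confirm against what the two companies agreed, not necessarily a misconfiguration.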

Next, click on “Configuration” and choose “New configuration” from the options. Give your configuration a name, like “Y to X,” and save it. Once you’ve created the configuration, select it, and you can start adding users and groups.

Here, I have chosen a demo user. Now, find the tenant ID of the target tenant (the one you want to connect with) and go to the Provisioning Accounts section. Here, you’ll specify the target tenant ID where you want to create accounts and remember to save this information.

Scroll further down to the “Mappings” section. This is where you can decide what information you want to synchronize. You can add extra details or even remove some standard ones.

One interesting attribute is “showInAddressList.” If you set it to “TRUE,” all synchronized users will show up in the address list of the target tenant. This makes it easier to find and connect with users from different tenants.

Now, go back to your cross-tenant synchronization setup and pick “Provision on demand.” Select the user you want to synchronize (let’s call them “CrossTenantSynchronization”). In just a few seconds, their account will be created in the target tenant.

In the target tenant, go to the Azure Portal’s Users menu, and you’ll notice that the new user is listed as a “Member.”

From this point forward, any changes you make to this user will automatically update the target tenant without you needing to do anything extra.

Of course, you can apply the same process to groups in your Active Directory (AD) instead of individual user accounts. When you use groups, any users added to or removed from those selected groups will also sync with the target tenant automatically.

It’s important to note that the synchronization process occurs at fixed intervals, currently set to start every 40 minutes. This ensures that information stays up-to-date between the connected tenants.

Things to be considered while going for the Cross-Tenant Synchronization option

  • Users who are internal members within their source tenants can be synchronized to other tenants. However, internal guests, who have a slightly different status, cannot be synchronized from source tenants.
  • When users are synchronized to target tenants, they are typically treated as external members by default. This helps maintain a clear distinction between users from different organizations.
  • If you already have users collaborating across tenants, the cross-tenant synchronization process is smart enough to identify these users and update their information as needed. For instance, if a user changes their display name, this change will be reflected in the target tenant automatically.
  • By default, the “UserType” attribute, which distinguishes between guest and member status, doesn’t change from guest to member during synchronization. However, you have the flexibility to configure this attribute according to your specific requirements through attribute mappings. This way, you can tailor the synchronization process to align with your organization’s needs and user management practices.

What are the limitations of Cross-tenant synchronization in MS Teams?


Here are some limitations in choosing the Cross-tenant synchronization option:

  • One-Way Sync: Cross-tenant synchronization works in one direction only. It means there’s always one main source and one receiving side. If your organization is complex, you might need multiple setups for different groups of users.
  • No Automatic Attribute Updates: The receiving side doesn’t actively check for changes in user information from the source side. This could lead to differences in user details between the two sides.
  • No Cross-Cloud Support: This synchronization only works within the same cloud system (Azure). It doesn’t support syncing across different cloud providers or platforms.
  • Only Azure AD Users: You can only sync Azure Active Directory (AD) user accounts. Other things like groups, devices, and contacts can’t be synchronized.
  • Fixed Sync Timing: Synchronization occurs at set intervals, specifically every 40 minutes. This means changes may not be updated in real-time.
  • Limitations in Certain Services: In some services like Power BI, Azure Virtual Desktop, and Teams Connect shared channels, external members might have limited access or functionality.
  • Limited Attributes: Not all user attributes are synchronized. Some information might not transfer over, which significantly affects the completeness of user profiles on the receiving side.
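Because changes arrive only at the sync interval and user details can differ between the two sides, a periodic reconciliation of the two directories is a useful check. The following is an added example, not code from the original article: it compares constructed user exports from a source and a target tenant and reports attribute drift and target accounts with no source user. Matching on `mail`, the attribute list, and the name `reconcile` are assumptions made for illustration.

```python
# Constructed sample exports; field names follow the Microsoft Graph user resource.
SOURCE = [
    {"mail": "ana@contoso.example", "displayName": "Ana Ruiz",
     "department": "Finance", "accountEnabled": True},
    {"mail": "bo@contoso.example", "displayName": "Bo Chen",
     "department": "Sales", "accountEnabled": False},  # disabled at source
]
TARGET = [
    {"mail": "ana@contoso.example", "displayName": "Ana Ruiz",
     "department": "Legal", "userType": "Member", "accountEnabled": True},
    {"mail": "Bo@contoso.example", "displayName": "Bo Chen",
     "department": "Sales", "userType": "Member", "accountEnabled": True},
    {"mail": "cy@contoso.example", "displayName": "Cy Diaz",
     "department": "Sales", "userType": "Member", "accountEnabled": True},
]
# Attributes expected to match on both sides (assumption; adjust to your mappings).
SYNCED_ATTRS = ("displayName", "department", "accountEnabled")

def reconcile(source, target, attrs=SYNCED_ATTRS):
    """Compare target users against source users, matched by lower-cased mail."""
    by_mail = {u["mail"].lower(): u for u in source}
    report = {"orphaned": [], "drift": {}}
    for t in target:
        key = t["mail"].lower()
        s = by_mail.get(key)
        if s is None:
            # Account exists in the target but has no source user: review for removal.
            report["orphaned"].append(key)
            continue
        diffs = {a: (s.get(a), t.get(a)) for a in attrs if s.get(a) != t.get(a)}
        if diffs:
            report["drift"][key] = diffs  # attribute -> (source value, target value)
    return report

if __name__ == "__main__":
    result = reconcile(SOURCE, TARGET)
    print("orphaned:", result["orphaned"])
    for mail, diffs in result["drift"].items():
        print(mail, diffs)
```

An account that is disabled at the source but still enabled in the target, like the second sample user, is the case to prioritise.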

FAQs

Define the term cross-tenant sync.

Cross-tenant synchronization automates the creation, updating, and deletion of Azure AD B2B collaboration users across the tenants in an organization. As a result, users can access applications and collaborate across those tenants.

How to enable cross-tenant access settings in Azure Active Directory?

To enable cross-tenant settings in Azure Active Directory:

  • Sign in to the Azure portal using a Global administrator account with a customized role.
  • Then navigate into Azure Active Directory service.
  • Select the External Identities, and then click on Cross-tenant access settings. 
  • Click on the Default settings tab and then review the summary page.

Does Microsoft Teams support multi-tenancy?

In the context of Microsoft Teams, a multi-tenant application refers to one that can serve multiple organizations or teams within a single tenant. The implementation of multitenancy in a Microsoft Teams application involves utilizing Azure Active Directory (AAD) and the Microsoft Graph API.

What does cross-tenant migration include?

Cross-tenant mailbox migration enables tenant administrators to use familiar tools such as Exchange Online PowerShell and MRS to move users to their new organization.

Conclusion

We hope this article has covered cross-tenant synchronization in MS Teams in detail: what it is, how to enable it, and what must be taken into account while using it.

To further upskill in cross-tenant synchronization, taking the MS-700 Certification can be an ideal choice. To prepare for it, make use of study resources such as MS-700 practice tests, MS-700 study guides, and so on. Please note that we do not offer MS-700 dumps at any cost.

To dive more deeply into Microsoft Teams, grab our Azure hands-on labs and Azure sandboxes.

About Senthil

Senthil Kumar is a Data Research and Analytics Lead with over 6 years of experience in the field. He is a highly skilled data analyst, able to use his analytical abilities to turn business objectives into actionable insights. With strong planning and organizational skills, and an unwavering focus on the customer, Senthil is able to deliver successful projects that align with the organization's objectives. He is able to think both laterally and pragmatically, which enables him to come up with innovative solutions that drive the organization's success.
