Understand how multiple Microsoft Entra ID (formerly Azure AD) tenant organizations interact
In Microsoft Entra ID, a component of Microsoft Entra, each organization within Microsoft Entra operates as a fully autonomous entity, existing as a peer that is logically separate from other managed Microsoft Entra organizations. This autonomy encompasses resource management, administrative functions, and synchronization processes. Notably, there are no hierarchical parent-child relationships between these organizations.
Resource independence
- The creation or deletion of a Microsoft Entra resource within one organization does not impact resources within other organizations, except for external users who are a partial exception to this rule.
- Additionally, if you register a domain name with one organization, it cannot be used for any other organization.
Administrative independence
If a non-administrative user from the organization 'Example' creates a test organization called 'Test,' the following conditions apply:
- By default, the user who creates the organization becomes an external user within the new organization and is assigned the Global Administrator role within that organization.
- The administrators of the 'Example' organization do not possess direct administrative authority over the 'Test' organization unless an administrator from 'Test' explicitly grants them these privileges.
- Changes made to a user's Microsoft Entra roles within one organization, such as adding or removing roles, do not impact roles assigned to the user in any other Microsoft Entra organization. Each organization's role assignments remain independent of one another.
Synchronization independence
Each Microsoft Entra organization can be configured independently to synchronize data from different AD forests using the Microsoft Entra Connect tool.
Adding a Microsoft Entra organization
- Sign-in to the Microsoft Entra admin center by signing in with the credentials of a Global Administrator or higher.
- Choose Microsoft Entra ID.
- On the tenant's Overview page, click on Manage tenants.
- Select Create.
- Choose Workforce and input the required details. Microsoft Entra ID will generate a new organization that will be listed among your organizations.
About ManageEngine M365 Manager Plus
M365 Manager Plus is an extensive Microsoft 365 tool used for reporting, managing, monitoring, auditing, and creating alerts for critical incidents. With M365 Manager Plus, you can use the following features to enhance the administration of your entire Microsoft 365 environment, all from a single console:
- Manage mailboxes, users, groups, sites, and contacts effortlessly in bulk.
- Gain a thorough understanding of your environment in Exchange Online, Azure Active Directory, SharePoint Online, OneDrive for Business, and other Microsoft 365 services with detailed reports.
- Delegate specific tasks, access to selected reports, or control over specific objects in your environment via Virtual Tenants to your admins, ensuring tasks are performed without elevating their Microsoft 365 account privileges.
- Keep tabs on even the most granular user activities in your Microsoft 365 environment.
- Monitor the health and performance of Microsoft 365 features and endpoints around the clock.
- Create custom roles with any combination of reporting, management, and auditing tasks and assign them to non-administrative users to reduce the workload of Microsoft 365 admins.
Effortlessly schedule and export reports on your Microsoft 365 environment.
Try now for free