How to handle: Two companies, One Azure Tenant

Question

Hi all,

I'm looking for some help in configuring two companies under one Azure Tenant. What are the caveats or how can I achieve this configuration? I would like to keep both companies under the same tenant but make sure that billing can be allocated to the appropriate business. Most, if not, all of the documentation out there on Multi-domain, single tenant are in regards to mergers and acquisitions. In my case, the business is starting a new entity in the same industry.

Can I have two domains synchronized to the same tenant? How can I ensure that users in one domain do not see accounts in the new domain? Is it possible for users from CompanyA to access resources in CompanyB if desired and vice versa? How would I manage new O365 subscriptions for users in that new domain?

Thanks!

Answer 1

At the very beginning, it's important to understand that Office 365 is a global SaaS collaborative suite of applications. And in this description, we have collaborative. So, yes by default, all the people and accounts that will be created in one tenant will be able to see each other, work together, share documents with SharePoint Online or OneDrive 4 Business. Because, it's one of the main objective (with permissions and delegation that can always be configured).

If your two companies have each one a dedicated Active Directory, you can completely configure only 1 AAD Connect that will be able to parse your 2 on-prem Active Directory and have all your accounts synchronized in one tenant. And you can also have 2 (or more) domains configured to one tenant.

But, in this scenario, you may have some difficulties if you want to hide some accounts or have a clear and logic separation in your daily manangement or billing. It's not impossible, we can hide some stuff in the GAL or manage permissions/delegations with groups to access to SPO sites and so on... but it will require some work on your side. And when I'm reading your first message, it seems the separation looks important to you.

If really, your companies are that different and must be separated in organization, billing, works and so on. You should consider to have 2 different tenant (depending on the way you're working).

Answer 2

@SnakeDoctor It is indeed an important scenario and many big organization plan it according to their needs. If your environment has multiple forest, they can get synchronized to one single tenant make it easier for companies to manage their Identities from a single place. For supported scenarios of user synchronization, please have look here.

In Azure AD you can use the concept of Role based access Control to make sure people see and use the services which they have access to.
Many companies create several subscriptions in order to keep the department specific resources and billing in silos. They have access to just their own subscription and if combined with proper permissions and roles, they can co-exist together in such a way that the people from other department do no see or access resources to other subscriptions. To understand how this subscription based model works, you can read about this here.

For your concern on inter-tenant collaboration, I highly recommend to read this Microsoft Inter Tenant Collaboration article which explains data sharing with respect to Exchange, sharepoint or teams collaborations.

-----------------------------------------------------------------------------------------------------------------

If the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you for benefit of the community.