Separation of a domain into two separate companies

Khushi 0 Reputation points
2023-11-07T17:38:52.8633333+00:00

Hi,

I have an environment where there is a domain which needs to be separated into 2 tenants. Currently the domains have been the same and there is a single Azure tenant. Now, this needs to be separated into two. What should be the best way to start the separation process, taking identities and security into the picture?

Below is the list of services that need to be separated.

On prem - multi-forest design, Account management, ad tools, active roles server, change auditor, GPO, group management, domain isolation/IPsec, red domain.

Cloud - MS Entra ID, B2B for teams and SP, B2C, Exchange online, M365 suite, MFA, Self-service password reset, Intune MDM, Azure key vault, MIP data governance/sensitivity labels.

Could you please help me with this as soon as possible?

Thanks!


1 answer

  1. James Hamil 26,116 Reputation points Microsoft Employee
    2023-11-10T00:44:51.5033333+00:00

    Hi @Khushi, you can follow these steps and it should work well for your use case:

    1. Create a new tenant: This will provide a separate set of administrators, configurations, and resources.
    2. Migrate on-premises services: For your on-premises services like multi-forest design, account management, and GPO, you'll need to plan and execute a migration strategy to split these services between the two tenants.
    3. Configure cross-tenant access: Use External Identities cross-tenant access settings to manage collaboration between the two Azure AD organizations through B2B collaboration.
    4. Migrate cloud services: For cloud services like Exchange Online, M365 suite, and Intune MDM, you'll need to plan and execute a migration strategy to split these services between the two tenants.
    5. Implement Azure Lighthouse: For cross-tenant management of Azure resources, consider implementing Azure Lighthouse.
    6. Configure Azure AD B2B collaboration: Configure Azure AD B2B collaboration in the new tenant to allow only identities from the corporate environment to be onboarded using Azure B2B allow/deny lists.
    7. Identity isolation: If needed, consider identity isolation through multiple tenants for business-critical resources that require a highly defensive approach.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

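The cross-tenant access configuration that steps 3 and 6 of the answer refer to, as an added example written for this page (it is not code from the question, the answer, or Microsoft). It uses the Microsoft Graph PowerShell SDK cmdlets for the cross-tenant access policy. The tenant ID and group ID below are placeholders, and the group is assumed to live in the other company's tenant; the script must also be run in that tenant, with the IDs swapped, because each tenant only controls its own inbound and outbound side.

```powershell
# Added example, not code from the original question or answer.
# Requires: Install-Module Microsoft.Graph, and a role allowed to write the
# cross-tenant access policy (e.g. Global Administrator) in the tenant you run it in.
# Assumptions (placeholders, replace before running):
#   $partnerTenantId - tenant ID of the other company after the split
#   $partnerGroupId  - object ID of a group IN THE PARTNER TENANT whose members
#                      may be invited as guests into this tenant
$partnerTenantId = "00000000-0000-0000-0000-000000000000"   # placeholder
$partnerGroupId  = "11111111-1111-1111-1111-111111111111"   # placeholder

Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess" -NoWelcome

# Inbound B2B collaboration: an explicit allow list. Only members of one named
# group in the partner tenant can be invited here, and only for Microsoft 365
# workloads (Teams, SharePoint, Exchange), not for every app registered in this tenant.
$b2bInbound = @{
    usersAndGroups = @{
        accessType = "allowed"
        targets    = @(@{ target = $partnerGroupId; targetType = "group" })
    }
    applications = @{
        accessType = "allowed"
        targets    = @(@{ target = "Office365"; targetType = "application" })
    }
}

# Outbound B2B collaboration: users of this tenant may accept guest invitations
# from the partner tenant, again limited to Microsoft 365 rather than all applications.
$b2bOutbound = @{
    usersAndGroups = @{
        accessType = "allowed"
        targets    = @(@{ target = "AllUsers"; targetType = "user" })
    }
    applications = @{
        accessType = "allowed"
        targets    = @(@{ target = "Office365"; targetType = "application" })
    }
}

# Inbound trust: accept the partner tenant's MFA claim so guests are not forced to
# register a second MFA method here. This is reasonable only because both tenants
# come from the same organisation and both enforce MFA through Conditional Access;
# do not trust MFA from a tenant whose policy you do not control. Device claims
# are deliberately left untrusted.
$inboundTrust = @{
    isMfaAccepted                       = $true
    isCompliantDeviceAccepted           = $false
    isHybridAzureADJoinedDeviceAccepted = $false
}

New-MgPolicyCrossTenantAccessPolicyPartner `
    -TenantId $partnerTenantId `
    -B2BCollaborationInbound $b2bInbound `
    -B2BCollaborationOutbound $b2bOutbound `
    -InboundTrust $inboundTrust | Out-Null

# Read back what was stored before relying on it.
Get-MgPolicyCrossTenantAccessPolicyPartner `
    -CrossTenantAccessPolicyConfigurationPartnerTenantId $partnerTenantId |
    Select-Object TenantId,
        @{ n = "InboundUsers"; e = { $_.B2BCollaborationInbound.UsersAndGroups.AccessType } },
        @{ n = "InboundApps";  e = { $_.B2BCollaborationInbound.Applications.AccessType } },
        @{ n = "MfaTrusted";   e = { $_.InboundTrust.IsMfaAccepted } }

# The default policy (applies to every tenant without a partner entry) is not
# touched above. Review it so a permissive default does not undercut the
# partner-specific allow list.
Get-MgPolicyCrossTenantAccessPolicyDefault |
    Select-Object IsServiceDefault,
        @{ n = "DefaultInbound"; e = { $_.B2BCollaborationInbound.UsersAndGroups.AccessType } }
```

If a partner entry for that tenant already exists, `New-MgPolicyCrossTenantAccessPolicyPartner` fails; use `Update-MgPolicyCrossTenantAccessPolicyPartner` with the same parameters instead. The external collaboration allow/deny domain list mentioned in step 6 is a separate setting from the cross-tenant access policy; it restricts which domains can be invited at all, while the policy above decides what an invited user from the partner tenant can reach.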
