Grant access to Azure services (tenant to tenant)

Leo Johnson 151 Reputation points
2021-06-23T13:16:32.43+00:00

Hi y'all,

We just moved one of our sister companies to their own Azure tenant, while the rest of the company stayed in the current tenant.

But now they need to access some services in the old tenant, like PowerBi and other services.

What is the best way to grant the moved users access to the services in the old tenant?

Any advice?

Leo

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,517 questions
Azure Active Directory External Identities
Accepted answer
  1. singhh-msft 2,381 Reputation points
    2021-06-23T18:00:30.933+00:00

    @Leo Johnson , thank you for reaching out to us. I see that you want to manage and collaborate with users of another tenant in your own tenant. You can use Azure AD B2B for this.

    Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data.

    You can check out Enable B2B external collaboration and manage who can invite guests where you will know how to enable Azure Active Directory (Azure AD) B2B collaboration, designate who can invite guests, and determine the permissions that guest users have in your Azure AD. By default, all users and guests in your directory can invite guests even if they're not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. I would recommend you to select Allow invitations only to the specified domains (most restrictive) option while configuring the B2B:

    108751-image.png

    Further, you can give individual users the ability to invite guests without assigning them a global administrator or other admin role. Here's an example that shows how to use PowerShell to add a user to the Guest Inviter role: 

    Add-MsolRoleMember -RoleObjectId 95e79109-95c0-4d8e-aee3-d01accf2d47b -RoleMemberEmailAddress <RoleMemberEmailAddress>

    To invite bulk users from the sister directory, you can Use PowerShell to bulk invite Azure AD B2B collaboration users OR Bulk invite Azure AD B2B collaboration users.

    Let me know if you have any follow-up questions, will be happy to take.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" and upvote if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest