Grant access to Azure services (tenant to tenant)

Leo Johnson 151 Reputation points
2021-06-23T13:16:32.43+00:00

Hi y'all,

We just moved one of our sister companies to their own Azure tenant, while the rest of the company stayed in the current tenant.

But now they need to access some services in the old tenant, like Power BI and other services.

What is the best way to grant the moved users access to the services in the old tenant?

Any advice?

Leo


Accepted answer
  1. singhh-msft 2,431 Reputation points
    2021-06-23T18:00:30.933+00:00

    @Leo Johnson, thank you for reaching out to us. I see that you want to manage and collaborate with users of another tenant in your own tenant. You can use Azure AD B2B for this.

    Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data.

    You can check out "Enable B2B external collaboration and manage who can invite guests", where you will learn how to enable Azure Active Directory (Azure AD) B2B collaboration, designate who can invite guests, and determine the permissions that guest users have in your Azure AD. By default, all users and guests in your directory can invite guests even if they're not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. I would recommend that you select the "Allow invitations only to the specified domains (most restrictive)" option while configuring B2B.

    Further, you can give individual users the ability to invite guests without assigning them a global administrator or other admin role. Here's an example that shows how to use PowerShell to add a user to the Guest Inviter role:

    Add-MsolRoleMember -RoleObjectId 95e79109-95c0-4d8e-aee3-d01accf2d47b -RoleMemberEmailAddress <RoleMemberEmailAddress>  
    

    To invite users in bulk from the sister directory, you can follow "Use PowerShell to bulk invite Azure AD B2B collaboration users" or "Bulk invite Azure AD B2B collaboration users".

    Let me know if you have any follow-up questions; I will be happy to take them.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" and upvote if the information helped you. This will help us and others in the community as well.
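
A bulk invite that applies the specified-domains restriction recommended in the answer above on the client side before any invitation is sent. This is an added example, not part of the original answer or of Microsoft's documentation. It uses the Microsoft Graph PowerShell cmdlet `New-MgInvitation` rather than the MSOnline module shown in the answer; the domain `sister.example`, the sample rows and the helper `Test-AllowedAddress` are constructed placeholders.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module is installed
# and that the caller is allowed to invite guests in the resource tenant.
param(
    [switch]$Invite   # without -Invite the script only reports what it would do
)

$AllowedDomains = @('sister.example')             # placeholder allow-list
$RedirectUrl    = 'https://myapps.microsoft.com'  # landing page after redemption

# Constructed sample input; in practice use: Import-Csv .\invitees.csv
$Invitees = @'
Name,Email
Ana Ruiz,ana.ruiz@sister.example
Ben Cole,ben.cole@SISTER.example
Eve Doe,eve@sister.example.other.test
No At,not-an-address
'@ | ConvertFrom-Csv

# Hypothetical helper: exactly one '@', a non-empty local part, and an exact
# (not suffix) match of the domain against the allow-list.
function Test-AllowedAddress {
    param([string]$Email, [string[]]$Domains)
    $parts = $Email.Trim() -split '@'
    if ($parts.Count -ne 2 -or -not $parts[0]) { return $false }
    return $Domains -contains $parts[1].ToLowerInvariant()
}

$accepted = @($Invitees | Where-Object { Test-AllowedAddress $_.Email $AllowedDomains })
$rejected = @($Invitees | Where-Object { -not (Test-AllowedAddress $_.Email $AllowedDomains) })

# Surface every skipped row so a typo or look-alike domain is reviewed, not lost.
$rejected | ForEach-Object { Write-Warning "Skipped (domain not allowed): $($_.Email)" }

if (-not $Invite) {
    $accepted | ForEach-Object { "Would invite: $($_.Name) <$($_.Email)>" }
    return
}

Connect-MgGraph -Scopes 'User.Invite.All' | Out-Null
foreach ($u in $accepted) {
    $result = New-MgInvitation -InvitedUserEmailAddress $u.Email.Trim() `
        -InvitedUserDisplayName $u.Name -InviteRedirectUrl $RedirectUrl `
        -SendInvitationMessage:$true
    '{0} -> {1}' -f $u.Email, $result.Status
}
```

Run without `-Invite`, the script lists the two `sister.example` rows as "Would invite" and warns about the other two; the tenant-side external collaboration setting remains the enforcing control.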

