Set up a multitenant org in Microsoft 365
You can set up a multitenant organization or add tenants to an existing one in the Microsoft 365 admin center.
When each external tenant accepts the invitation to join the multitenant organization, the following settings are configured in Microsoft Entra ID:
- A cross-tenant synchronization configuration is added with the name MTO_Sync_<TenantID>, but no sync jobs are created yet. (If you already have a cross-tenant synchronization configuration, it remains unchanged.)
- An organization relationship is added to the cross-tenant access settings based on the multitenant organization templates for cross-tenant access and identity synchronization. (If an organizational relationship already exists, the existing one is used.)
- The multitenant organization template for identity synchronization is set to allow users to sync into this tenant.
- The multitenant org template for cross-tenant access will be set to automatically redeem user invitations, inbound as well as outbound.
Important
Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
To set up a new multitenant org in Microsoft 365:
- Sign in to the Microsoft 365 admin center as a global administrator.
- Expand Settings and select Org settings.
- On the Organization profile tab, select Multitenant collaboration.
- Select Get started.
- Select Create a new multitenant organization, and then select Next.
- Type a name and description for the multitenant org.
- Enter the tenant IDs of any tenants that you want to invite to this org.
- Select Next.
- Select the Allow users to sync into this tenant from the other tenants in this multitenant organization and Suppress consent prompts for users from the other tenant when they access apps and resources in my tenant check boxes.
- Select Create multitenant organization.
- Copy the instructions for joining the multitenant org and email them to a global administrator in each of the orgs you invited.
- Select Done.
The next step after each external tenant accepts the invitation to join the multitenant organization is to synchronize your users with the other tenants. For details, see Synchronize users in multitenant orgs in Microsoft 365.
Important
Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
To add a tenant to your multitenant organization:
- Sign in to the Microsoft 365 admin center as a global administrator.
- Expand Settings and select Org settings.
- On the Organization profile tab, select Multitenant collaboration.
- Select Add new tenants.
- Enter the tenant IDs of the tenants you want to add, and then select Add tenant.
- Copy the instructions for joining the multitenant org and email them to a global administrator in each of the orgs you invited.
- Select Done.
The next step after each external tenant accepts the invitation to join the multitenant organization is to synchronize your users with the other tenants. For details, see Synchronize users in multitenant orgs in Microsoft 365.
Set up a multitenant organization using Microsoft Graph API
Plan for multitenant organizations in Microsoft 365
Join or leave a multitenant organization in Microsoft 365
Synchronize users in multitenant organizations in Microsoft 365