Synchronize users in multitenant organizations in Microsoft 365 (Preview)
Note
Multitenant organizations in Microsoft 365 is available in targeted release.
For users in your tenant to be able to collaborate with those in other tenants, you must synchronize your users to the other tenants.
We recommend that you set up security groups in Microsoft Entra ID and add the users that you want to synchronize. Note that users must be members of the security group - owners of the group aren't synchronized.
There are two ways to set up user synchronization:
- Share your users with other tenants in a multitenant organization by using the Microsoft 365 admin center (covered in this article)
- Configure user synchronization in Microsoft Entra ID
Both methods use cross-tenant synchronization in Microsoft Entra ID.
If you want to synchronize the same users with all the other tenants in a multitenant organization, we recommend sharing users in the Microsoft 365 admin center. This will create the necessary configurations in Microsoft Entra ID for you.
If you want to synchronize different users to different tenants, then you must configure cross-tenant synchronization directly in Microsoft Entra ID.
While you can create multiple cross-tenant synchronization configurations for a single external tenant, we recommend that you only use one for ease of administration.
Note
It might take up to 24 hours for synced users to be available in Microsoft 365 services such as Teams and SharePoint.
For more information about cross-tenant synchronization, see What is cross-tenant synchronization?.
If you have issues with user synchronization check the provisioning logs in Microsoft Entra ID.
User property synchronization
When you set up user synchronization with another tenant in a multitenant organization, the following user properties are synchronized:
| Property | Property |
|---|---|
| accountEnabled | physicalDeliveryOfficeName |
| alternativeSecurityIds | postalCode |
| city | preferredLanguage |
| country | showInAddressList |
| department | state |
| displayName | streetAddress |
| employeeId | surname |
| givenName | telephoneNumber |
| IsSoftDeleted | userPrincipalName |
| jobTitle | UserType (member) |
| mailNickname |
You can change the properties that are synchronized after the synchronization has been configured. For more information, see Configure cross-tenant synchronization.
Users synchronized to your tenant from other tenants
Users synchronized to your tenant from other tenants in your multitenant organization are synchronized as Microsoft Entra members rather than guests.
As members, people from other tenants have a more seamless collaboration experience. This includes access to files using people in your organization sharable links. (Consider using sensitivity labels if you need to limit who can access a file with a people in your organization link.)
If some people from the other tenant already have guest accounts in your directory, the synchronization process doesn't change their user type to member. You can change these users' user type to member by updating the user properties in Microsoft Entra ID.
Set up initial user synchronization for a multitenant organization
To synchronize identities to other tenants in a multitenant organization
- Sign in to the Microsoft 365 admin center as a global administrator.
- Expand Settings and select Org settings.
- On the Organization profile tab, select Multitenant collaboration.
- Select Share users.
- Select Select users and groups to share.
- Choose the security group that you created, and then select Save.
- Select Yes to confirm.
This creates a cross-tenant synchronization configuration in Microsoft Entra ID for each tenant in your multitenant organization. The synchronization configurations are named MTO_Sync_<TenantID>.
Set up user synchronization with newly added tenants
If you add additional tenants to your multitenant organization, you need to set up user synchronization with those tenants.
To set up user synchronization with newly added tenants
- Sign in to the Microsoft 365 admin center as a global administrator.
- Expand Settings and select Org settings.
- On the Organization profile tab, select Multitenant collaboration.
- Select Share users.
- Select Share current user scope.
- Select Yes to confirm.
Change which users are synchronized with other tenants
You can change which users are synchronized to other tenants in your multitenant organization.
To change which users are synchronized to other tenants
- Sign in to the Microsoft 365 admin center as a global administrator.
- Expand Settings and select Org settings.
- On the Organization profile tab, select Multitenant collaboration.
- Select Share users.
- Select Edit shared users and groups.
- Update the users and groups that you want to sync to other tenants and then select Save.
- Select Yes to confirm.
This procedure updates the MTO_Sync_<TenantID> synchronization configurations in Microsoft Entra ID for each tenant in your multitenant organization.
Related topics
Troubleshooting tips for multitenant organizations
Known issues for provisioning in Microsoft Entra ID
Plan for multitenant organizations in Microsoft 365
Set up a multitenant org in Microsoft 365
Join or leave a multitenant organization in Microsoft 365
Scoping users or groups to be provisioned with scoping filters
Feedback
Submit and view feedback for