Understand how multiple Microsoft Entra tenant organizations interact
In Microsoft Entra ID, part of Microsoft Entra, each Microsoft Entra organization is fully independent: a peer that is logically independent from the other Microsoft Entra organizations that you manage. This independence between organizations includes resource independence, administrative independence, and synchronization independence. There's no parent-child relationship between organizations.
Resource independence
- If you create or delete a Microsoft Entra resource in one organization, it has no effect on any resource in another organization, with the partial exception of external users.
- If you register one of your domain names with one organization, you can't use it for any other organization.
Administrative independence
If a non-administrative user of organization 'Contoso' creates a test organization 'Test,' then:
- By default, the user who creates an organization adds as an external user in that new organization, and assigned the Global Administrator role in that organization.
- The administrators of organization 'Contoso' have no direct administrative privileges to organization 'Test,' unless an administrator of 'Test' specifically grants them these privileges.
- If you add or remove a Microsoft Entra role for a user in one organization, the change doesn't affect other roles. For example, roles that the user assigns in any other Microsoft Entra organization.
Synchronization independence
You can configure each Microsoft Entra organization independently to get data synchronized from different AD forests, using the Microsoft Entra Connect tool. See topologies for Microsoft Entra Connect for more information on supported topologies when there are multiple Microsoft Entra tenants.
Add a Microsoft Entra organization
- Sign in to the Microsoft Entra admin center as at least a Global Administrator.
- Select Microsoft Entra ID.
- Select Manage tenants.
- Choose Create.
- Select Workforce and provide the requested information. Microsoft Entra ID creates a new organization and appears in the list of organizations.
Note
Unlike other Azure resources, your Microsoft Entra organizations are not child resources of an Azure subscription. If your Azure subscription is canceled or expired, you can still access your Microsoft Entra organization's data using Azure PowerShell, the Microsoft Graph API, or the Microsoft 365 admin center. You can also associate another subscription with the organization.
Important
Azure AD PowerShell is planned for deprecation on March 30, 2024. To learn more, read the deprecation update. We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). Microsoft Graph PowerShell allows access to all Microsoft Graph APIs and is available on PowerShell 7. For answers to common migration queries, see the Migration FAQ.
Next steps
For Microsoft Entra ID licensing considerations and best practices, see What is Microsoft Entra ID licensing?.
Palaute
Tulossa pian: Vuoden 2024 aikana poistamme asteittain GitHub Issuesin käytöstä sisällön palautemekanismina ja korvaamme sen uudella palautejärjestelmällä. Lisätietoja on täällä: https://aka.ms/ContentUserFeedback.
Lähetä ja näytä palaute kohteelle