Cross-tenant synchronization

Microsoft Security
15 Mar 2023 07:55

Summary

TL;DR: In this video, Arvind, a Product Manager on the Azure AD team, introduces cross-tenant synchronization, a feature that lets organizations automate inviting users across different Azure AD tenants and keep their data in sync. The demonstration shows how to set up cross-tenant access policies, establish trust, and configure synchronization between two tenants, so that user changes are automatically reflected across all connected tenants. This allows for seamless access to resources and simplifies management across multiple organizations.

Takeaways

  • 📝 The video is presented by Arvind, a Product Manager on the Azure AD team, focusing on cross-tenant synchronization.
  • 🔄 Cross-tenant synchronization is a feature that allows for the sharing of resources across different Azure AD tenants, facilitating collaboration between merged or acquired companies.
  • 💼 The example scenario involves Contoso, which uses M365 and Azure, and an acquired company with its own Azure AD tenant and resources.
  • 🤝 Azure AD B2B enables inviting users from different tenants and assigning them the necessary access to resources.
  • 📊 There's a demand for automating the process of inviting users across organizations and keeping their data synchronized across all tenants.
  • 🛠️ Cross-tenant synchronization automatically invites B2B users across tenants and keeps them updated, including removing accounts when employees leave.
  • 📱 The setup process involves configuring cross-tenant access policies and trust settings in the Azure portal.
  • 🔑 Admins can consent on behalf of end users to avoid consent prompts when accessing resources for the first time.
  • 🔄 The configuration for cross-tenant synchronization includes assigning users or groups, specifying the target tenant ID, and defining attribute mappings.
  • 👤 The user type attribute can be set to 'B2B member' to provide a unified multi-tenant organization experience.
  • 🔍 By setting the 'show in address list' attribute to true, users become searchable across tenants in the target tenant's gallery.
  • ⚙️ On-demand provisioning allows for quick account creation in the target tenant, with updates and changes automatically reflected across all connected tenants.

Q & A

  • What is the main topic of the video presented by Arvind?

    - The main topic of the video is cross-tenant synchronization in Azure AD B2B, which allows users from different tenants to access resources across their organizational boundaries.

  • What does Contoso initially use for collaboration and cloud resource management?

    - Initially, Contoso uses M365 for collaboration and Azure to manage cloud resources and non-Microsoft apps like Adobe.

  • What is the scenario where cross-tenant synchronization becomes necessary for Contoso?

    - Cross-tenant synchronization becomes necessary when Contoso acquires a new company with its own Azure AD tenant, and users from both companies need to access resources from the other tenant, like ServiceNow or Adobe.

  • How does Azure AD B2B facilitate access to resources across different tenants?

    - Azure AD B2B allows you to invite users across tenants and assign them access to the necessary resources, automating the process and keeping their data in sync across all tenants.

  • What is the purpose of the Azure portal demonstration in the video?

    - The purpose of the Azure portal demonstration is to show how to set up cross-tenant synchronization between two tenants, ZT Tire Company and Woodgrove.

  • What is the first step in setting up cross-tenant access policy in the Azure portal?

    - The first step is to grab the tenant ID of one company and go into external identities in the other company's tenant to set up the cross-tenant access policy.

  • What does the 'consent prompt' setting in the trust settings tab allow an admin to do?

    - The 'consent prompt' setting allows an admin to consent on behalf of end users in their organization, so they won't face a consent prompt when accessing resources in the target tenant for the first time.

  • How does the outbound policy work in the context of cross-tenant synchronization?

    - The outbound policy allows the admin of one tenant to consent on behalf of users in their tenant, so those users won't have to face a consent prompt when accessing resources in the target tenant.

  • What is the significance of the user type attribute in cross-tenant synchronization?

    - The user type attribute is significant because it determines whether the user is treated as a B2B guest or a B2B member, with the latter providing a full multi-tenant organization experience.

  • What does the 'show in address list' attribute do in cross-tenant synchronization?

    - By setting the 'show in address list' attribute to true, all users will be visible in the target tenant's gallery, allowing admins to search for users across tenants.

  • How can an admin quickly provision a user account in the target tenant using on-demand provisioning?

    - An admin can quickly provision a user account in the target tenant by using on-demand provisioning, which allows them to create a user account within a few seconds.

  • What happens to user accounts when they leave the company in the context of cross-tenant synchronization?

    - When a user leaves the company, the changes, including their departure, will automatically be reflected across all tenants where the user was provisioned, without requiring manual action.

  • How can additional users be assigned access to necessary apps in cross-tenant synchronization?

    - Additional users can be assigned to a configuration, and as they join or leave the group associated with the configuration, they will be provisioned or deprovisioned automatically, with access to all the apps they need.
