How to Leverage M365 Cross-Cloud and Cross-Tenant Collaboration
Microsoft 365 collaboration apps efficiently and effectively support day-to-day work activities for employees, partner organizations, and vendors. To create effective teamwork across your organization, you need to break down any barriers to collaboration. Microsoft 365 makes it possible for cross-cloud and cross-tenant collaboration to happen. For example, if two organizations each have Microsoft 365 tenants and want to work together on several projects, they can enable their people and teams to collaborate more effectively and productively across their different tenants in a secure and compliant manner.
What is an M365 Tenant?
Your Microsoft 365 tenant is the set of services assigned to your organization. This tenant is typically associated with one or more of your public DNS domain names and acts as an isolated and central container for different subscriptions and the licenses within them that you assign to user accounts. Your Microsoft 365 tenant also includes:
- An Azure Active Directory (Azure AD) tenant.
- A dedicated Azure AD instance for user accounts.
- Groups.
- Other objects.
Each Azure AD tenant is unique, distinct, and separate from all other Azure AD tenants. While your organization can have multiple Azure AD tenants that you can set up with Azure subscriptions, Microsoft 365 tenants can only use a single Azure AD tenant – the one that was created when you created the tenant.
M365 Cross-Cloud and Cross-Tenant Collaboration Scenarios
Here are several scenarios for cross-cloud and cross-tenant collaboration:
Share Calendars with External Users
It’s sometimes necessary for your users to schedule meetings with people outside your organization. To simplify the process of finding common meeting times, Microsoft 365 enables you to make calendars available and lets users share their schedules (free/busy information) with others.
To enable calendar sharing, you first need to enable anonymous meeting join in Meeting settings in the Microsoft Teams admin center. People outside the organization will be sent a URL that they can use to view the calendar. You can control anonymous users’ ability to join meetings either at your organization level or per meeting organizer by using two different policy settings.
Once sharing is enabled, your users can use Outlook Web App to share their calendars with anyone inside or outside the organization. People inside the organization can view the shared calendar along with their own calendar and choose what type of calendar information to make available to users – you can allow all information, or limit it to time only or time, subject, and location only.
Azure AD B2B Collaboration
Azure AD DC admin, Security Admin, User Admin, Cloud Application Admin, or Global admin for one Microsoft 365 tenant can invite people in another Microsoft 365 tenant to join their directory, add those external users to a group, and grant access to content, such as SharePoint sites and libraries for the group.
With Azure AD B2B collaboration, organizations can enforce multi-factor authentication (MFA) policies and conditional access for B2B users. These policies can be enforced at the individual user, tenant, or app level in the same way that they are enabled for members of the organization and full-time employees. Such policies are enforced at the resource organization.
Microsoft 365 Groups Guest Access
Microsoft 365 Groups is a service that works with the Microsoft 365 tools you use already, so you can collaborate with your teammates or partners when writing documents, creating spreadsheets, working on project plans, scheduling meetings, or sending an email. You don’t have to worry about manually assigning permissions to all those resources since adding members to the group automatically gives them the permissions they need to access the tools your group provides.
Guest access in Microsoft 365 Groups lets you and your team collaborate with people outside your organization by granting them access to group files, conversations, calendar invitations, and the group notebook. Admins can manage guests and their access to Microsoft 365 group resources using PowerShell.
All of the guest member’s interactions occur through their email inbox. They can’t access the group site but can receive calendar invitations, participate in email conversations, and if the admin has turned on the setting, they can open shared files using a link or attachment.
Create a B2B Extranet with Managed Guests
You can use Azure Active Directory Entitlement Management to create a B2B extranet to collaborate with a partner organization that uses Azure Active Directory. This allows users to self-enroll in the extranet site or team and receive access via an approval workflow.
With this method of sharing resources for collaboration, the partner organization can help maintain and approve the guests on their end, reducing the burden on your IT department and allowing those most familiar with the collaboration agreement to manage user access. Before you begin, create the site or team you want to share with the partner organization and enable it for guest sharing.
Manage Teams Guest Access
Anyone with a business or consumer email accounts, such as Outlook, Gmail, or others, can participate as a guest in Teams. With guest access, you can provide access to teams, documents in channels, resources, chats, and applications to people outside your organization, while maintaining control over your corporate data. Team owners can invite and manage how guests collaborate within their teams. Guests in Teams are covered by the same auditing and compliance protection as the rest of Microsoft 365 and can be managed within Azure AD.
To set external collaboration settings, log in to Azure Directory, click External Identities, and then go to External collaboration settings. You need to ensure that users assigned to specific admin roles and member users can invite guest users, including guests with member permissions. Anyone in the organization can also invite guest users, including guests and non-admins are selected.
If you work with guests from multiple organizations, you may want to restrict their access to directory data – this will prevent them from seeing who else is a guest in the directory. To do this, under Guest user access restrictions, select Guest users have limited access to properties and membership of directory objects settings, or Guest user access is restricted to properties and memberships of their own directory objects.
Wrapping Up
With M365 cross-cloud and cross-tenant collaboration, you can effectively collaborate with crucial external partners, improving business agility, enhancing productivity, and increasing profitability. As the leader in Microsoft technologies for the public sector and private sector organizations, Servcom USA provides comprehensive Microsoft 365 support services to help your company leverage the power of the cloud to promote collaboration internally and externally, so you can make the most out of your investment. Our Microsoft experts can help you with Microsoft 365 migration, application monitoring and maintenance, security, and much more to help you deploy and integrate new apps into your work environment. Contact us today to schedule a consultation!
Thanks to Holden Watne with Generation IX for his help with this article.
