Forum Discussion
Lefty
Nov 18, 2024 | Copper Contributor
Splitting a 365 Tenancy?
Hi,
So the situation is that a company has two branches, one local (to me) and the other overseas. Currently all the IT is based around a single Microsoft 365 Tenancy (with third-party extensions for DMARC and email spam/phishing protection) administered from the overseas branch.
This is reportedly leading to some issues: the two branches have different security requirements (the local branch can afford to be more open with regard to BYOD, for example), having to go through the overseas admins for almost every change is inconvenient, and also importantly some data should be compartmentalized (notably there is local information that ideally should not be visible to anybody in the overseas department, including the admins).
So having been asked to look into options, and being quite new to the inner workings of 365, after some investigation it seems prima facie that a solution might be to split the tenancy into two, moving the local office members into the new tenancy which would be controlled by a local admin, and then connecting the two possibly with a multi-tenant organization.
Obviously everyone would need to keep the same email addresses.
So, what I would like to check is:
1) Is this possible?
2) Is this a sensible solution to the problem?
3) (Assuming the first answer is "yes" and the second at least a "maybe") any pointers to how to do it and any things to watch out for?
Any help/suggestions would be greatly appreciated.
- JeromeFerreira, Copper Contributor
The cross tenant syncing is the best option. I recently had to do this for my company with multiple tenants around the world.
If you need pointers, I have recently done a similar project and it is fresh knowledge in my head.
- MohammedMoustafa, Copper Contributor
Please go ahead and share your exp.
You cannot have a domain verified in more than one M365 tenant, thus "domain sharing" scenarios are not possible. You can use a subdomain if that's an acceptable solution.
Another important thing to keep in mind is that cross-tenant collaboration has certain limitations, even with MTO configured. Single tenancy always offers the best experience in this regard, so before committing to any sort of splitting, make sure the users (and business) will not be impacted. You should not be making a decision solely based on the admin woes, just saying.
- Lefty, Copper Contributor
Thanks for your response.
No decisions have been made yet; I'm investigating the options with a view to both the convenience of the users and the separation of information. As it happens it seems from my initial enquiries that some of the perceived issues may actually be coming more from poor communication between admins and users rather than limitations of the M365 setup, and for the others there's probably more than one way to skin a cat; for example, information that should not be visible across branches could simply be kept off M365.
That being said, my job at this point is to identify the options and their plus and minus points.
Where can I find some information on the limitations of cross-tenant collaboration?
As for domain sharing, I think (subject to some discussion) the only thing that matters in this situation from a user perspective is email addresses (as they are already established for external communications), and that should normally just be a case of routing things to the right places, or does 365 throw a spanner in the works in some way?

For one, there is no cross-tenant access to mailbox data, so any delegate/shared mailbox scenarios are impossible in such configuration. For the email addresses, Microsoft previewed a "domain sharing" type of solution as part of their tenant-to-tenant migration feature, but afaik this hasn't reached general availability just yet, so you will have to look for alternative solutions.