Breaking Down M365 Cross-Cloud and Cross-Tenant Collaboration
Acquisitions and mergers are happening at an increased pace in today’s corporate landscape. Businesses are operating in dynamic contexts where maintaining relationships with partners, customers, and vendors is crucial to their success. When external collaboration is enhanced, visibility, accountability, and confidence are all improved. With 85 percent of Fortune 500 firms using Office 365, it’s no coincidence that we see a significant increase in multi-tenant settings.
Migrating or consolidating two environments in the on-premises world took a little bit of fine-tuning and recalibration, but it was achievable. However, in the world of Microsoft Office 365 and cloud computing, things aren’t so straightforward.
When a company signs a contract with Microsoft to deploy Office 365, it becomes a tenant. Under Microsoft’s Office 365 Platform, this is essentially a siloed scenario. Tenants don’t necessarily limit sharing and collaboration on their own; quite the opposite. Through Exchange Online, Microsoft packs a built-in feature set that allows for basic/free calendar sharing, and that’s about it.
Cross-tenant contact sharing, rich and dynamic coexistence in calendars, and address book sharing aren’t available right away. Because tenants cannot share custom email domains, users may need to switch their email addresses. Having all users in the same Office 365 Tenant is the perfect remedy. But what about situations where this isn’t possible? A single tenant is sometimes not an option for enterprises, whether for administrative reasons, country of operation compliance regulations, brief partnerships, or recent acquisitions. Don’t worry. With shared channels, your company won’t have to cope with depreciated assets.
Benefits of Cross-Cloud and Cross-Tenant Collaboration
Administrators on both ends must set up cross-tenant access policies. The tenant that hosts the shared channel must set up inbound access stating who from the external tenant is authorized to connect. (Similarly, when setting up outbound access, you’ll need to define who from your own tenant can join shared channels hosted in the external tenant.)
Inviting New Users is Easy
Cross-tenant administrators can invite an individual or a whole team to work together in a shared channel. These people might be from your own company or from an external organization that uses Azure Active Directory.
External users can view and connect to the shared channel without having to switch tenants or sign in with a separate account. This is great for maintaining reliability, continuity, and efficiency.
Regardless of which side you’re on, identifying a cross-tenant channel is simple. Participants on all sides will see an icon beside the name of that channel, indicating that people from more than one tenant are participating in it. External users will have “(External)” next to their names to reflect this.
There are two essential components to collaborating with people outside your organization:
- Enable sharing – Configure the sharing policies across Azure Active Directory, Teams, Microsoft 365 Groups, and SharePoint to provide the level of sharing your organization requires.
- Enable added protection – While basic sharing features can be set up to require authentication from people external to your organization, Microsoft 365 offers a wealth of additional compliance and security features to help you safeguard your data and adhere to your management policies while sharing externally.
Azure External Collaboration Settings
Sharing in Microsoft 365 is governed at the top level by the B2B external collaboration settings in Azure AD. If guest sharing is prohibited or disabled in Azure AD, that configuration overrides any sharing settings you set in Microsoft 365. Always ensure that sharing with guests is not disabled in the B2B external collaboration settings. If you work with guests from various organizations, you might want to limit their access to directory data. This will keep them from viewing who else is in the directory as a guest.
The SharePoint and OneDrive organization-level sharing settings must permit sharing with people outside your organization for external users to access a document in SharePoint or OneDrive.
SharePoint Organization-level Sharing Settings
The organization-level SharePoint settings determine which settings are available for individual SharePoint sites. A site-level setting cannot be more permissive than the organization-level setting, so the organization-level parameters you set must be at least as permissive as any site needs. The organization-level configuration also determines the level of sharing possible for users’ OneDrive libraries.
Collaborating with External Users on Your Site
You can collaborate with guests on documents, analytics, and lists. Modern SharePoint sites are linked to Microsoft 365 Groups, which manage site access and provide extra collaboration capabilities such as a shared inbox and calendar. Guest access on SharePoint sites requires Microsoft 365 Groups guest access to be enabled.
Creating Secure Guest Sharing Environments
1. Enabling multifactor authentication for guests
Multifactor authentication significantly decreases the likelihood of your network being compromised. It’s especially critical to mandate multifactor authentication for guests because they may be using personal email accounts that don’t follow any organizational policies or best practices. Requiring a secondary form of authentication minimizes the likelihood of unauthorized users gaining access to your sites and information if a guest’s credentials are stolen. Head over to Azure AD Conditional Access policies to set up multifactor authentication.
2. Set up terms of service for guests
In some circumstances, your guests may not have entered into non-disclosure agreements or other legal contracts with your business. You can make guests commit to a set of rules before they can access any files you share with them. The terms of service can be presented the first time users try to access a shared file or site.
3. Set up Guest Access Reviews
You can automate a regular review of guest access to various teams and groups using Azure AD access reviews. Requiring an access review specifically for guests helps ensure that they do not have access to your firm’s sensitive data for longer than required.
4. Set up web-only access for guests
You can reduce your attack surface and make administration easier by limiting guests to using only a web browser to access your teams, sites, and files.
This can be done with an Azure AD Conditional Access policy for Microsoft 365 Groups. For SharePoint, you can do this in the SharePoint admin center. (You can also use sensitivity labels to limit guests to web-only access.)
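The multifactor, terms-of-service and web-only controls above are all delivered as Conditional Access policies, so an exported policy list can be checked for whether each one is actually enforced for guests. The following is an added example, not code from the original article: it assumes the policies were exported as JSON in the shape of Microsoft Graph `conditionalAccessPolicy` objects, and the sample data, the function names and the control labels (`guest_mfa`, `guest_terms`, `guest_web_only`) are constructed for illustration.

```python
import json

# Constructed sample, shaped like Microsoft Graph conditionalAccessPolicy objects
# (GET /identity/conditionalAccess/policies). Names and ids are placeholders.
SAMPLE_POLICIES = json.loads("""[
 {"displayName": "Guests - require MFA", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"]}, "clientAppTypes": ["all"]},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Guests - terms of use", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["GuestsOrExternalUsers"]}, "clientAppTypes": ["all"]},
  "grantControls": {"operator": "OR", "builtInControls": [], "termsOfUse": ["constructed-terms-id"]}},
 {"displayName": "All users - MFA or compliant device", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}, "clientAppTypes": ["all"]},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}
]""")

def targets_guests(policy):
    """True if the policy's user scope includes guests and does not exclude them."""
    users = policy.get("conditions", {}).get("users") or {}
    if ("GuestsOrExternalUsers" in (users.get("excludeUsers") or [])
            or users.get("excludeGuestsOrExternalUsers")):
        return False
    include = users.get("includeUsers") or []
    return bool({"All", "GuestsOrExternalUsers"} & set(include)
                or users.get("includeGuestsOrExternalUsers"))

def audit_guest_controls(policies):
    """Return (controls with no enforcing policy, matching report-only policy names)."""
    enforced = {"guest_mfa": False, "guest_terms": False, "guest_web_only": False}
    report_only = []
    for p in policies:
        grant = p.get("grantControls") or {}
        controls = grant.get("builtInControls") or []
        terms = grant.get("termsOfUse") or []
        # With operator OR and several options, no single control is guaranteed.
        if not targets_guests(p) or (grant.get("operator") == "OR"
                                     and len(controls) + len(terms) > 1):
            continue
        apps = p.get("conditions", {}).get("clientAppTypes") or []
        hits = [name for name, ok in (
            ("guest_mfa", "mfa" in controls),
            ("guest_terms", bool(terms)),
            # Web-only: non-browser clients are blocked, browsers are left alone.
            ("guest_web_only", "block" in controls and "browser" not in apps
             and "mobileAppsAndDesktopClients" in apps)) if ok]
        if p.get("state") == "enabled":
            enforced.update(dict.fromkeys(hits, True))
        elif hits and p.get("state") == "enabledForReportingButNotEnforced":
            report_only.append(p["displayName"])
    return sorted(k for k, v in enforced.items() if not v), report_only
```

A policy in report-only state logs what it would have done but enforces nothing, which is why such policies are returned separately instead of counting as coverage.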
Collaborating with your essential business partners or customers doesn’t have to give you headaches. Adopt Microsoft 365’s cross-tenant and cross-cloud for all your partnership needs. LAN Infotech provides end-to-end managed IT services. Reach out to us today, and we will guide you through the finer details.