question

LeoJohnson-5897 avatar image
0 Votes"
LeoJohnson-5897 asked singhh-msft commented

Grant access to Azure services (tenant to tenant)

Hi y'all,

We just moved one of our sister companies to their own Azure tenant, while the rest of the company stayed in the current tenant.

But now they need to access some services in the old tenant, like PowerBi and other services.

What is the best way to grant the moved users access to the services in the old tenant?

Any advice?

Leo

azure-active-directoryazure-ad-connectazure-ad-tenantazure-ad-b2b
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

singhh-msft avatar image
0 Votes"
singhh-msft answered singhh-msft commented

@LeoJohnson-5897, thank you for reaching out to us. I see that you want to manage and collaborate with users of another tenant in your own tenant. You can use Azure AD B2B for this.

Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data.

You can check out Enable B2B external collaboration and manage who can invite guests where you will know how to enable Azure Active Directory (Azure AD) B2B collaboration, designate who can invite guests, and determine the permissions that guest users have in your Azure AD. By default, all users and guests in your directory can invite guests even if they're not assigned to an admin role. External collaboration settings let you turn guest invitations on or off for different types of users in your organization. I would recommend you to select Allow invitations only to the specified domains (most restrictive) option while configuring the B2B:

108751-image.png


Further, you can give individual users the ability to invite guests without assigning them a global administrator or other admin role. Here's an example that shows how to use PowerShell to add a user to the Guest Inviter role:

 Add-MsolRoleMember -RoleObjectId 95e79109-95c0-4d8e-aee3-d01accf2d47b -RoleMemberEmailAddress <RoleMemberEmailAddress>

To invite bulk users from the sister directory, you can Use PowerShell to bulk invite Azure AD B2B collaboration users OR Bulk invite Azure AD B2B collaboration users.

Let me know if you have any follow-up questions, will be happy to take.


Please "Accept the answer" and upvote if the information helped you. This will help us and others in the community as well.



image.png (9.5 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@LeoJohnson-5897, just checking in to see if you got a chance to check my response.

0 Votes 0 ·

@LeoJohnson-5897, just checking in to see if you got a chance to check my response.

0 Votes 0 ·