Why multiple tenants of Office 365? Five common scenariosNovember 29, 2018
To keep everything secure, Microsoft designed Office 365 so that organizations would operate in separate tenants. But there are some reasons organizations might need to run on more than one tenant or integrate multiple tenants across corporate boundaries.
Below are the 5 most common scenarios we see with our clients. This overview post is the first in a series of six posts on exploring these scenarios. As we publish each of scenario posts, we will add links from this post to each scenario.
Use case 1: Mergers and acquisitions
This is the scenario we see most often. It’s where two or more companies are already running Office 365 and go through a merger or acquisition. Because IT departments often don’t have a ton of time to get ready for mergers, they’ll likely have to keep supporting multiple tenants of Office 365 well after day one of the merger. It can take months or even years to get everyone onto the same tenant.
Use case 2: Corporate partnerships, alliances, and joint ventures
Some organizations might need to come together and collaborate for a set period of time or long-term. Two or more law firms might work together on a class-action lawsuit. Regional hospitals might collaborate to fight the spread of infectious diseases in their community. Manufacturers and their suppliers might band together to create a complex product.
Use case 3: Complying with data sovereignty regulations
In some countries, it’s illegal to host and share data about its citizens outside the borders of that country or region. A bank in Switzerland, for example, can’t share customer information outside of their borders. But what if that bank also has a branch in the U.S.? They wouldn’t want their American employees to be able to access Swiss data. To keep everyone in their own lanes, they’d need to run different tenants of Office 365.
Use case 4: Ethical walls for reducing the risk of corporate conflicts of interest
In some industries, organizations are required to limit communications between different types of employees whose interests might conflict. This is a common practice in accounting firms, consulting firms, investment banks, law offices, and media companies. It also comes up in education, where you might not want students to have permissions to IM or video chat the president of the university without an appointment.
Office 365 has features that can help enforce these types of walls. But some organizations choose to go the extra mile and physically separate employees into different tenants.
Use case 5: Separation of duties between systems administrators
Finally, you might need to segregate the control of your system administrators into different tenants to keep boundaries between different divisions, subsidiaries, regions or other functional groups. This would let admins to each manage their own area, without overlap. As an example, you might not want your admins in Japan to have the rights to change permissions for users in Brazil.
While Office 365 has role-based access controls (RBAC), the controls are limited and don’t span all of its services. For example, the controls for Skype for Business work a bit differently than they do for Exchange Online. Thus, you might need to use multiple Office 365 tenants to enforce the separation of duties between administrators.
The challenges with multiple tenants
In each of these use cases, you will still want the users in different tenants to function as a unified group. You will want them to be able to easily email each other, look each other up in a shared directory, and be able to schedule meetings using free/busy availability. But when you have users on different tenants of Office 365, establishing collaboration across the tenants is not easily accomplished or maintained. In addition, users in different tenants can’t have matching email domains in their email addresses. These limitations pose some serious challenges to how your users will expect to work as a team.
What do you do about it?
If you find yourself in one of these scenarios, Binary Tree can help. Our Power365 cloud-based platform lets you integrate as many tenants as you like. While users remain in separate tenants – you can easily enable them to work together seamlessly with a unified email domain, a unified directory, and unified free/busy calendar information.
Learn about Power365.