At Ignite 2020, we announced the private preview of Microsoft 365 Lighthouse. Since then, we’ve been hard at work co-creating with our preview partners to build experiences that will help you succeed...
Updated Apr 18, 2025
Version 2.0
Blog Post
Ok, so here's a skinny on how microsoft splits things up...
Tenants house a cloud of data including AD\Azure, with domains, subdomains etc, all containing the services and data that a particular set of people might use in their business. That does not mean that this must be a top level domain, it can be a subdomain to begin with. Each pricing plan for microsoft is designed to fit common scale and business sizes for given access levels, with addons and other attachments that allow you to link users across tenants, without adding to the number of "users" within the tenant. By allowing them to be utilized as "Guests" from another subdomain, the level of access can be controlled, expanded\contracted, and generally segmented to prevent a small disaster from becoming much larger much faster. The more you keep in a single tenant, the more you will lose when there is a disaster.
Companies and corporate businesses are usually segmented on their own, and segmenting the software solutions is only natural, to keep a disaster in any department or branch from becoming the death of the company.
When setting up email addresses, it's usually best to abbreviate company names or primary web address, then add a dot or other separator, and then a subdomain, followed by the suffix. EG mbc.dept.biz for MyBusinessCompany.department.biz which gives your company the easiest email schema to remember, and makes it easy for new clients to type in. The subdomain can be a main domain for the business or just a department, providing webpage, and other service connections.
By segmenting the tenants among company, geography, department, even building or office with their own domain, you can use tools in each tenant to push data out to other tennants, and add guests to each tenant that include users or groups of another. This allows them to share services, files and work easily with others in each department, who then hand those out to their own tenant. This keeps numbers in each tenant down, and allows for security services like defender to function reliably in each tenant.
Designing your cloud structure is key. Use the logical build of the business to give you some guidelines. Add guest access from other tenants, to allow department heads or higher officers to delegate a relegate work between departments etc with their own login. It works. You just have to do a little more thinking about which services to purchase, which addons you'll need, etc.