Forum Discussion
Can global administrator of a azure AD tenant access other tenant that it did not create?
Let sat there are two global administrators in an azure AD called original.org. Admin 1 and Admin 2 are global administratorsin orignal.org. Admin 1 creates a new Azure AD tenant called dev.org,... Does Admin 2 have any ability to create users in dev.org? I am confused because global admin can give themselves user access administrator role and make themselves owners,... Cannot this owner have access to any new tenant created from the root tenant? This seems to conflict with an understanding that a global administrator who creates a new Azure AD tenant is the first user and other users such as Admin 2 would have to be invited?
3 Replies
- By default, the Global Administrator of an Azure AD tenant does not have access to other tenants that it did not create. However, there are scenarios where the Global Administrator may gain access to other tenants, such as when:
- The Global Administrator is a member of a guest organization in another tenant and has been granted access to resources in that tenant.
- The Global Administrator has been granted access to another tenant by an administrator in that tenant using Azure AD B2B collaboration.
- The Global Administrator has been granted access to another tenant as part of a merger or acquisition.Hi, can you please tell me where can i find this information? Thank you very much in advance.
Kind regards,
Global admin is per tenant, so your case may not apply, refer on below article for further information:
