Forum Discussion

Tony_Verberk's avatar
Tony_Verberk
Copper Contributor
Feb 08, 2024

Multi-Tenant Architecture for Education

I've been reading a bit on the Multi-Tenant architecture in an attempt to solve a requirement for the Information Technology students.  The college has an existing Azure tenant that contains all the operational accounts, as well as all the academic accounts (students and faculty).  The IT faculty would like to give the students exposure to the Azure platform and tools like Intune, without giving them access to the corporate tenant.  Is it possible to setup a multi-tenant environment where a subset of students and faculty can existing in the primary/corporate tenant where their licenses for email and O365 exist, and a second tenant that could be handed over to the faculty and students for using tools like Intune without impacting the corporate tenant?  I'm also wondering if the academic Azure credits could be utilized under the secondary tenant, where today they sit in the existing corporate tenant.

 

4 Replies

  • UviweQ0606's avatar
    UviweQ0606
    Icon for Microsoft rankMicrosoft
    Feb 14, 2024
    Hi Tony_Verberk the college might use what we call a multi-tenant agreement. And have two separate tenants for corporate and faculty + students. Then you will have to plan for multitenant organizations in Microsoft 365 currently in preview: https://learn.microsoft.com/en-us/microsoft-365/enterprise/plan-multi-tenant-org-overview?view=o365-worldwide

    Also consider exploring Administrative Units in M365 in conjunction with Resource isolation in single tenant. See the below article: https://learn.microsoft.com/en-us/entra/architecture/secure-single-tenant
    • Tony_Verberk's avatar
      Tony_Verberk
      Copper Contributor
      Feb 14, 2024
      Thanks, I'll read up on the link you sent. I think the multi-tenant is the way to go, I'm just wondering about things like transferring the educational credits from the primary tenant where they sit today, to a different tenant. We get so many hours allocated for Azure labs as part of the tenant, and I would like to have those in this secondary academic tenant.
    • Tony_Verberk's avatar
      Tony_Verberk
      Copper Contributor
      Feb 14, 2024

      Kidd_Ip The issue with this is that we want to be able to have an Intune instance for back office use that the students can't touch, as well as a Intune instance for the student machines in the labs that would be managed seperately, as well as an Intune instance for the students to actually learn on, where they can create images and make mistakes.  We don't want the students being able to touch the Intune instance on the corporate/back office tenant, which currently is the only tenant.

Resources