Forum Discussion
Federation between two Azure AD tenants
- Apr 11, 2020
B2B/Guest users allow you to assign permissions at least in some of the management portals, so that's your best goal. Microsoft have been playing with a more robust feature that addresses cross-tenant scenarios for a few years now, so we might see something later this year. But until then, the above applies.
Hi kulman,
If I understood your scenario right, your primary goal is to allow your IT org (let's assume their accounts are in AAD tenant of business unit X) to manage Azure subscriptions and resources in both tenants.
While AAD B2B Collaboration can be a good solution, it requires "context switching" for IT staff while managing Azure resources, guest accounts provisioning and management, etc.
I suggest you look into Azure Lighthouse. It was primarily designed for Managed Services Partners for more seamless management of their customers' tenants & subscriptions, but it can also be used within one organization that has several tenants.
I won't go into details, but it is based on "delegated resource management", giving your IT staff a possibility to manage resources in "external AAD tenants" while using their primary identity and having a 'single pane of glass' over resources across tenants and subscriptions. It means you don't need to provision their accounts in 'Business unit Y AAD tenant'. There is a simple onboarding process (using ARM templates) with steps done on both sides (tenants), but otherwise it works very well.
I hope this helps.
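As an added example (not from the reply above, nor an official Microsoft sample), this is the kind of subscription-scope ARM template the "business unit Y" side deploys to delegate one subscription to business unit X's IT staff via Azure Lighthouse. The tenant ID, the IT group's object ID and the offer name are placeholders to fill in; the role is deliberately the built-in Contributor (Lighthouse does not allow delegating Owner), so the delegation stays least-privilege and can be revoked by deleting the registration assignment.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "offerName": {
      "type": "string",
      "defaultValue": "BU X IT - delegated management (example)",
      "metadata": { "description": "Display name of the delegation shown in both tenants" }
    },
    "managedByTenantId": {
      "type": "string",
      "metadata": { "description": "PLACEHOLDER: AAD tenant ID of business unit X (the managing tenant)" }
    },
    "itStaffGroupObjectId": {
      "type": "string",
      "metadata": { "description": "PLACEHOLDER: object ID of the IT staff security group in tenant X" }
    }
  },
  "variables": {
    "registrationName": "[guid(parameters('offerName'))]",
    "assignmentName": "[guid(parameters('offerName'), subscription().subscriptionId)]",
    "contributorRoleId": "b24988ac-6180-42a0-ab88-20f7382dd24c"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedServices/registrationDefinitions",
      "apiVersion": "2019-06-01",
      "name": "[variables('registrationName')]",
      "properties": {
        "registrationDefinitionName": "[parameters('offerName')]",
        "description": "Lets tenant X IT staff manage this subscription with their own identities",
        "managedByTenantId": "[parameters('managedByTenantId')]",
        "authorizations": [
          {
            "principalId": "[parameters('itStaffGroupObjectId')]",
            "principalIdDisplayName": "Business unit X IT staff",
            "roleDefinitionId": "[variables('contributorRoleId')]"
          }
        ]
      }
    },
    {
      "type": "Microsoft.ManagedServices/registrationAssignments",
      "apiVersion": "2019-06-01",
      "name": "[variables('assignmentName')]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedServices/registrationDefinitions', variables('registrationName'))]"
      ],
      "properties": {
        "registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions', variables('registrationName'))]"
      }
    }
  ]
}
```

Deploy it in tenant Y with an account holding Owner on the target subscription, e.g. `az deployment sub create --location <region> --template-file lighthouse.json --parameters managedByTenantId=<tenant-x-id> itStaffGroupObjectId=<group-id>`; afterwards the subscription appears under "My customers" for the IT group in tenant X, and the delegation can be audited and removed under "Service providers" in tenant Y.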