Jun 23 2021 02:45 AM - last edited on Jan 14 2022 03:54 PM by TechCommunityAP
Hi,
I wanted to find a solution or advice for a problem I'm struggling with right now.
Let's say there's a company A that uses Azure AD and has many departments. The IT department is then separated into another company, company B, for legal reasons. From now on company A is a client of company B, and company B creates its own Azure AD, own emails, own subscriptions etc. and basically pays for itself.
The users of company B are added as Guests to company A, but then they have some restrictions causing many problems in communication and administration, like:
Now if company A decides to create normal users in their Azure AD for company B, company A has to pay extra, and we want company B to pay for themselves. Company A could make an invoice for users once per month, but then it's extra work... All the problems with having a guest account have some workarounds, but it's extra time...
I hope I can get some suggestions on what can be done. I'm looking for something that would allow close collaboration between company A and B, where all the restrictions caused by being a Guest would be gone and users from company B would be treated like normal users in company A, while having the license and all the payment in company B.
Jun 23 2021 10:58 AM
Jul 12 2021 05:20 AM
For the calendar requirement, you can configure an Org Relationship on both ends (in ECP).
But for the other requirements you can try the below.
* Once the Guest account is created, use the MSOL PowerShell module to change the user type from Guest to Member. The user's UPN will still be that long string, but they will act as normal members in Azure AD.
With this conversion, you can try adding them to SPO sites for permissions etc.
Once the Guest is converted to a member, you can use the Azure AD PowerShell module to allow them in the Global Address List.
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/user-properties
If that user object has the "Directory Reader" role assigned, I noticed that the Guest will be able to see the users in the Guest Tenant (Teams, SharePoint etc.).
However, I also noticed that the "Cross-Tenant People Search" feature is in development in the M365 Roadmap, and you can use this feature if both of the tenants are under the same business.
Hope this helps.
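
The conversion steps from the reply above, as an added example that is not part of the original thread: it converts one invited guest to a member, shows it in the Global Address List, and lists every externally invited account with its current user type so conversions stay reviewable. The function names and the `companyb.example` domain are hypothetical placeholders, and it assumes the MSOnline and AzureAD modules with an admin session in company A's tenant.

```powershell
# Added example, not from the thread. Run in company A's tenant as an administrator.
Import-Module MSOnline, AzureAD
Connect-MsolService
Connect-AzureAD

# Hypothetical placeholder: company B's domain as it appears inside invited-guest UPNs
# (the "long string" form user_domain#EXT#@tenant.onmicrosoft.com).
$PartnerDomain = 'companyb.example'

function Convert-PartnerGuest {
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop

    # Refuse anything that was not invited from the partner domain, so guests
    # from other organisations are never promoted by accident.
    if ($user.UserPrincipalName -notlike "*_${PartnerDomain}#EXT#@*") {
        throw "$UserPrincipalName was not invited from $PartnerDomain"
    }
    if ($user.UserType -ne 'Guest') {
        Write-Warning "$UserPrincipalName is already $($user.UserType); nothing to do"
        return
    }

    # A Member gets the default member directory permissions, which are
    # broader than a Guest's, so convert one account at a time.
    Set-MsolUser -ObjectId $user.ObjectId -UserType Member
    # Make the converted account visible in the Global Address List.
    Set-AzureADUser -ObjectId $user.ObjectId -ShowInAddressList $true
}

function Get-ExternalAccountReport {
    # Members of the built-in Directory Readers role, for the extra column below.
    $role      = Get-MsolRole -RoleName 'Directory Readers'
    $readerIds = @(Get-MsolRoleMember -RoleObjectId $role.ObjectId -All |
                   ForEach-Object { $_.ObjectId })

    # Every invited account keeps #EXT# in its UPN, even after conversion,
    # so UserType = Member here means "converted guest".
    Get-MsolUser -All |
        Where-Object { $_.UserPrincipalName -like '*#EXT#@*' } |
        Select-Object DisplayName, UserPrincipalName, UserType,
            @{ Name = 'DirectoryReader'; Expression = { $readerIds -contains $_.ObjectId } }
}

# Usage (constructed sample UPN):
# Convert-PartnerGuest -UserPrincipalName 'jane_companyb.example#EXT#@companya.onmicrosoft.com'
# Get-ExternalAccountReport | Sort-Object UserType | Format-Table -AutoSize
```

The MSOnline and AzureAD modules used in the thread have since been deprecated by Microsoft in favor of Microsoft Graph PowerShell.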