Collaborate more securely with new cross-tenant access settings

Published Feb 07 2022 09:00 AM 35.6K Views
Microsoft

Hello friends, 

 

As a follow-on to our previous External Identities update, today I'm really excited to announce the availability of cross-tenant access settings for external collaboration in public preview. 

 

Cross-tenant access settings enable you to control how users in your organization collaborate with members of external Azure AD organizations. Now you’ll have granular inbound and outbound access control settings that work on a per org, user, group, and application basis. These settings also make it possible for you to trust security claims from external Azure AD organizations like Multi-Factor Authentication (MFA), device compliance, and hybrid Azure AD joined devices. 

 

When it comes to external collaboration, you’ve told us that:  

 

  1. You want to ensure only approved external users can access your apps and resources, and only approved users from your organization can access external apps and resources.  
  2. You want to trust MFA claims from your partners, so your guest users who have performed MFA in their directories aren't prompted for MFA again in your directory. 
  3. You want insights on what apps your users are accessing externally and what apps external users are accessing in your organization. 

 

So, we’ve designed the experience based directly on your feedback. Let’s take a look at how it works. 

 

How to get started with cross-tenant access settings  

 

Control the external users and organizations that can collaborate with your users 

Inbound settings let you control which external users can access your apps and resources. You can allow all external users to collaborate with you, or you can limit access to only allow specific users and groups from specific organizations. You can also specify the apps in your organization you want these users to be able to access.  Read the documentation to learn more about cross-tenant access settings. 

 

sdriggers_0-1643650307369.png

 

Control the external organizations your users can collaborate with 

Outbound settings let you control which external organizations your users can collaborate with. You can allow your users to collaborate with all external organizations or only allow specific users and groups to access specific apps in specific external organizations. 

 

sdriggers_1-1643650307374.png

 

Trust security claims from external Azure AD organizations for MFA and device  

Inbound trust settings let you trust the MFA external users perform in their home directories. This addresses the feedback you’ve given us around your external users having to perform MFA multiple times, both in their home directories and in your directory. Now you can enable a seamless authentication experience for your external users by trusting the MFA they perform in their home directories so they don’t need to complete MFA with you. You’ll also save on the MFA costs incurred by your organization.  

 

Inbound trust settings also let you trust devices that are compliant, or hybrid Azure AD joined in their home directories. Previously, you were not able to enforce device-based Conditional Access policies such as requiring compliant devices or hybrid Azure AD joined devices for external users. Using inbound trust settings to accept device claims from external Azure AD organizations, you can now protect access to your apps and resources by requiring that external users use compliant, or hybrid Azure AD joined devicesLearn how inbound trust settings work with Conditional Access. 

 

sdriggers_2-1643650307376.png

 


Know who’s accessing your organization’s resources 

Through the sign-in logs, you can see which external apps your users are accessing, as well as the external users who are accessing your resources. Learn more in the documentation. 

 

sdriggers_3-1643650307415.png

 

 

Start by evaluating how you collaborate 

 

Before you customize cross-tenant access settings, it’s important to understand which external organizations need access to your apps and resources and which of your users need to access external apps and resources so that you don’t inadvertently block ongoing collaboration. We recommend that you use this workbook to understand how your organization is collaborating with external organizations to avoid any business interruption. 

 

What customers are saying 

 

Bupa is an international health insurance and healthcare group with over 31 million customers worldwide. As they have been testing this feature, they’ve said:  

 

"This feature lays the bedrock for increased collaboration and most importantly security for our large and complex organization." 

 

In addition, we have enabled customers in the most regulated industries to open collaboration for the first time and recently received this feedback:  

 

“Cross-tenant access settings will help us greatly reduce risks, increase security, and enable us to better support our business in external tenant access and collaboration needs. Happy security department, happy business, and importantly happy auditors and regulators." 

 

We love hearing from you, so share your feedback on these new features through the Azure forum or by tagging @AzureAD on Twitter. 

 

Robin Goldstein  

Twitter: @RobinGo_MS 

 

 

Learn more about Microsoft identity: 

48 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-2147077%22%20slang%3D%22en-US%22%3ECollaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2147077%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3EHello%20friends%2C%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3E%E2%80%AF%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EAs%20a%20follow-on%20to%20our%20previous%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fexternal-identities-b2c-supports-authenticator-apps-and-new-data%2Fba-p%2F2147079%22%20target%3D%22_blank%22%3E%3CSPAN%3EExternal%20Identities%20update%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%2C%20today%20I'm%20really%20excited%20to%20announce%20the%20availability%20of%20%3C%2FSPAN%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ecross-tenant%20access%20settings%20for%20external%20collaboration%20%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ein%3C%2FSPAN%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20public%20preview.%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3ECross-tenant%20access%20settings%20enable%20you%20to%20control%20how%20users%20in%20your%20organization%20collaborate%20with%20members%20of%20external%20Azure%20AD%20organizations.%20Now%20you%E2%80%99ll%20have%20granular%20inbound%20and%20outbound%20access%20control%20settings%20that%20work%20on%20a%20per%20org%2C%20user%2C%20group%2C%20and%20application%20basis.%20These%20settings%20also%20make%20it%20possible%20for%20you%20to%20trust%20security%20claims%20from%20external%20Azure%20AD%20organizations%20like%20Multi-Factor%20Authentication%20(MFA)%2C%20device%20compliance%2C%20and%20hybrid%20Azure%20AD%20joined%20devices.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EWhen%20it%20comes%20to%20external%20collaboration%2C%20you%E2%80%99ve%20told%20us%20that%3A%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%20data-leveltext%3D%22%251.%22%20data-font%3D%22Calibri%22%20data-listid%3D%2210%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%221%22%20data-aria-level%3D%221%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EYou%20want%20to%20ensure%20only%20approved%20external%20users%20can%20access%20your%20apps%20and%20resources%2C%20and%20only%20approved%20users%20from%20your%20organization%20can%20access%20external%20apps%20and%20resources.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-leveltext%3D%22%251.%22%20data-font%3D%22Calibri%22%20data-listid%3D%2210%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%221%22%20data-aria-level%3D%221%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EYou%20want%20to%20trust%20MFA%20claims%20from%20your%20partners%2C%20so%20your%20guest%20users%20who%20have%20performed%20MFA%20in%20their%20directories%20aren't%20prompted%20for%20MFA%20again%20in%20your%20directory.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-leveltext%3D%22%251.%22%20data-font%3D%22Calibri%22%20data-listid%3D%2210%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%221%22%20data-aria-level%3D%221%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EYou%20want%20insights%20on%20what%20apps%20your%20users%20are%20accessing%20externally%20and%20what%20apps%20external%20users%20are%20accessing%20in%20your%20organization.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3ESo%2C%20we%E2%80%99ve%20designed%20the%20experience%20based%20directly%20on%20your%20feedback.%20Let%E2%80%99s%20take%20a%20look%20at%20how%20it%20works.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3CI%3E%3C%2FI%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--525059858%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%20id%3D%22toc-hId-338349478%22%3E%3CSTRONG%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3EHow%20to%20get%20started%20with%20cross-tenant%20access%20settings%26nbsp%3B%3C%2FSPAN%3E%3C%2FI%3E%3C%2FSTRONG%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22none%22%3EControl%20the%20external%20users%20and%20organizations%20that%20can%20collaborate%20with%20your%20users%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3EInbound%20settings%3C%2FSTRONG%3E%3C%2FEM%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20let%20you%20control%20which%20external%20users%20can%20access%20your%20apps%20and%20resources.%20You%20can%20allow%20all%20external%20users%20to%20collaborate%20with%20you%2C%20or%20you%20can%20limit%20access%20to%20only%20allow%20specific%20users%20and%20groups%20from%20specific%20organizations.%20You%20can%20also%20specify%20the%20apps%20in%20your%20organization%20you%20want%20these%20users%20to%20be%20able%20to%20access.%20%26nbsp%3B%3CSPAN%20class%3D%22TextRun%20SCXW12650474%20BCX8%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW12650474%20BCX8%22%3ERead%20the%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3CA%20class%3D%22Hyperlink%20SCXW12650474%20BCX8%22%20href%3D%22https%3A%2F%2Faka.ms%2Fcross-tenant-blog-overview%22%20target%3D%22_blank%22%20rel%3D%22noreferrer%20noopener%22%3E%3CSPAN%20class%3D%22FieldRange%20SCXW12650474%20BCX8%22%3E%3CSPAN%20class%3D%22TextRun%20Underlined%20SCXW12650474%20BCX8%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20CommentStart%20CommentHighlightPipeRest%20CommentHighlightRest%20SCXW12650474%20BCX8%22%20data-ccp-charstyle%3D%22Hyperlink%22%3Edocumentation%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20class%3D%22TextRun%20SCXW12650474%20BCX8%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20CommentHighlightPipeRest%20SCXW12650474%20BCX8%22%3E%20to%20learn%20more%20about%20cross-tenant%20access%20settings.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sdriggers_0-1643650307369.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F343969iAF0908A904DCB14C%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sdriggers_0-1643650307369.png%22%20alt%3D%22sdriggers_0-1643650307369.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22none%22%3EControl%20the%20external%20organizations%20your%20users%20can%20collaborate%20with%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3EOutbound%20settings%3C%2FSTRONG%3E%3C%2FEM%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%20let%20you%20control%20which%20external%20organizations%20your%20users%20can%20collaborate%20with.%20You%20can%20allow%20your%20users%20to%20collaborate%20with%20all%20external%20organizations%20or%20only%20allow%20specific%20users%20and%20groups%20to%20access%20specific%20apps%20in%20specific%20external%20organizations.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sdriggers_1-1643650307374.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F343971iAAC7B798E76B95EB%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sdriggers_1-1643650307374.png%22%20alt%3D%22sdriggers_1-1643650307374.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22none%22%3ETrust%20security%20claims%20from%20external%20Azure%20AD%20organizations%20for%20MFA%20and%20device%26nbsp%3B%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3EInbound%20trust%20settings%3C%2FSTRONG%3E%3C%2FEM%3E%3CSPAN%20data-contrast%3D%22none%22%3E%20let%20you%20trust%20the%20MFA%20external%20users%20perform%20in%20their%20home%20directories.%20This%20addresses%20the%20feedback%20you%E2%80%99ve%20given%20us%20around%20your%20external%20users%20having%20to%20perform%20MFA%20multiple%20times%2C%20both%20in%20their%20home%20directories%20and%20in%20your%20directory.%20Now%20you%20can%20enable%20a%20seamless%20authentication%20experience%20for%20your%20external%20users%20by%20trusting%20the%20MFA%20they%20perform%20in%20their%20home%20directories%20so%20they%20don%E2%80%99t%20need%20to%20complete%20MFA%20with%20you.%20You%E2%80%99ll%20also%20save%20on%20the%20MFA%20costs%20incurred%20by%20your%20organization.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3EInbound%20trust%20settings%20also%20let%20you%20trust%20devices%20that%20are%20compliant%2C%20or%20hybrid%20Azure%20AD%20joined%20in%20their%20home%20directories.%20Previously%2C%20you%20were%20not%20able%20to%20enforce%20device-based%20Conditional%20Access%20policies%20such%20as%20requiring%20compliant%20devices%20or%20hybrid%20Azure%20AD%20joined%20devices%20for%20external%20users.%20Using%20inbound%20trust%20settings%20to%20accept%20device%20claims%20from%20external%20Azure%20AD%20organizations%2C%20you%20can%20now%20protect%20access%20to%20your%20apps%20and%20resources%20by%20requiring%20that%20external%20users%20use%20compliant%2C%20or%20hybrid%20Azure%20AD%20joined%20devices%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%26nbsp%3B%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fcross-tenant-blog-ca%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3ELearn%20how%20inbound%20trust%20settings%20work%20with%20Conditional%20Access%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sdriggers_2-1643650307376.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F343970iDCA57ACF9378E993%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sdriggers_2-1643650307376.png%22%20alt%3D%22sdriggers_2-1643650307376.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22none%22%3EKnow%20who%E2%80%99s%20accessing%20your%20organization%E2%80%99s%20resources%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%2C%26quot%3B469777462%26quot%3B%3A%5B9360%5D%2C%26quot%3B469777927%26quot%3B%3A%5B0%5D%2C%26quot%3B469777928%26quot%3B%3A%5B4%5D%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3EThrough%20the%20sign-in%20logs%2C%20you%20can%20see%20which%20external%20apps%20your%20users%20are%20accessing%2C%20as%20well%20as%20the%20external%20users%20who%20are%20accessing%20your%20resources.%E2%80%AF%3CSPAN%20class%3D%22TextRun%20SCXW2959193%20BCX8%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20CommentStart%20SCXW2959193%20BCX8%22%3ELearn%20more%20in%20the%20%3C%2FSPAN%3E%3C%2FSPAN%3E%3CA%20class%3D%22Hyperlink%20SCXW2959193%20BCX8%22%20href%3D%22https%3A%2F%2Faka.ms%2Fcross-tenant-sign-ins%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22TextRun%20Underlined%20SCXW2959193%20BCX8%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW2959193%20BCX8%22%20data-ccp-charstyle%3D%22Hyperlink%22%3Edocumentation%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20class%3D%22TextRun%20SCXW2959193%20BCX8%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20CommentStart%20CommentHighlightPipeRest%20PointComment%20CommentHighlightRest%20SCXW2959193%20BCX8%22%3E.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sdriggers_3-1643650307415.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F343972i0536AC87C891D1FC%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sdriggers_3-1643650307415.png%22%20alt%3D%22sdriggers_3-1643650307415.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1962452975%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%20id%3D%22toc-hId--1469104985%22%3E%3CSTRONG%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3EStart%20by%20evaluating%20how%20you%20collaborate%3C%2FSPAN%3E%3C%2FI%3E%3C%2FSTRONG%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3EBefore%20you%20customize%20cross-tenant%20access%20settings%2C%20it%E2%80%99s%20important%20to%20understand%20which%20external%20organizations%20need%20access%20to%20your%20apps%20and%20resources%20and%20which%20of%20your%20users%20need%20to%20access%20external%20apps%20and%20resources%20so%20that%20you%20don%E2%80%99t%20inadvertently%20block%20ongoing%20collaboration.%20We%20recommend%20that%20you%20use%20this%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fcross-tenant-signins-workbook%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%3Eworkbook%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22none%22%3E%20to%20understand%20how%20your%20organization%20is%20collaborating%20with%20external%20organizations%20to%20avoid%20any%20business%20interruption.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-154998512%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%20id%3D%22toc-hId-1018407848%22%3E%3CSTRONG%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3EWhat%20customers%20are%20saying%3C%2FSPAN%3E%3C%2FI%3E%3C%2FSTRONG%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EBupa%20is%20an%20international%E2%80%AFhealth%20insurance%E2%80%AFand%E2%80%AFhealthcare%E2%80%AFgroup%20with%20over%2031%20million%20customers%20worldwide.%20As%20they%20have%20been%20testing%20this%20feature%2C%20they%E2%80%99ve%20said%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CI%3E%22This%20feature%20lays%20the%20bedrock%20for%20increased%20collaboration%20and%20most%20importantly%20security%20for%20our%20large%20and%20complex%20organization.%22%3C%2FI%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EIn%20addition%2C%20we%20have%20enabled%20customers%20in%20the%20most%20regulated%20industries%20to%20open%20collaboration%20for%20the%20first%20time%20and%20recently%20received%20this%20feedback%3A%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%E2%80%9CCross-tenant%20access%20settings%20will%20help%20us%20greatly%20reduce%20risks%2C%20increase%20security%2C%20and%20enable%20us%20to%20better%20support%20our%20business%20in%20external%20tenant%20access%20and%20collaboration%20needs.%20Happy%20security%20department%2C%20happy%20business%2C%20and%20importantly%20happy%20auditors%20and%20regulators.%22%3C%2FSPAN%3E%3C%2FI%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3EWe%20love%20hearing%20from%20you%2C%20so%20share%20your%20feedback%20on%20these%20new%20features%20through%20the%20Azure%20forum%20or%20by%20tagging%E2%80%AF%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fazuread%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3E%40AzureAD%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22none%22%3E%E2%80%AFon%20Twitter.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A90%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3ERobin%20Goldstein%E2%80%AF%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22none%22%3ETwitter%3A%E2%80%AF%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FRobinGo_MS%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3E%40RobinGo_MS%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233117%26quot%3B%3Atrue%2C%26quot%3B134233118%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3ELearn%20more%20about%20Microsoft%20identity%3A%3C%2FSPAN%3E%3C%2FI%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A360%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%20data-leveltext%3D%22%EF%82%B7%22%20data-font%3D%22Symbol%22%20data-listid%3D%2213%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%222%22%20data-aria-level%3D%221%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3EReturn%20to%20the%20%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fbg-p%2FIdentity%22%20target%3D%22_blank%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3EAzure%20Active%20Directory%20Identity%20blog%20home%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-leveltext%3D%22%EF%82%B7%22%20data-font%3D%22Symbol%22%20data-listid%3D%2213%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%223%22%20data-aria-level%3D%221%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3EJoin%20the%20conversation%20on%20%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fazuread%2Fstatus%2F1278418103903363074%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3ETwitter%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3E%20and%20%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fmicrosoft-security%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3ELinkedIn%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-leveltext%3D%22%EF%82%B7%22%20data-font%3D%22Symbol%22%20data-listid%3D%2213%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%224%22%20data-aria-level%3D%221%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3EShare%20product%20suggestions%20on%20the%20%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fd365community%2Fforum%2F22920db1-ad25-ec11-b6e6-000d3a4f0789%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3EAzure%20Feedback%20Forum%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2147077%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22TextRun%20SCXW873356%20BCX8%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20CommentStart%20SCXW873356%20BCX8%22%3ELearn%20how%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW873356%20BCX8%22%3Ecross%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW873356%20BCX8%22%3E-%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW873356%20BCX8%22%3Etenant%20access%20settings%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW873356%20BCX8%22%3Elet%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22NormalTextRun%20SCXW873356%20BCX8%22%3Epartners%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW873356%20BCX8%22%3Ecollaborate%20%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW873356%20BCX8%22%3Ein%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW873356%20BCX8%22%3E%20a%20flexible%20and%20secure%20way!%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22TextRun%20SCXW873356%20BCX8%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW873356%20BCX8%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22WIN22_HybridWork_039.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F344697iA84E53B684AB6144%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22WIN22_HybridWork_039.jpg%22%20alt%3D%22WIN22_HybridWork_039.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3133475%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3133475%22%20slang%3D%22en-US%22%3E%3CP%3EI%20don%E2%80%99t%20get%20it.%20Why%20would%20u%20enable%20this%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%E2%80%9CTrust%20security%20claims%20from%20external%20Azure%20AD%20organizations%20for%20MFA%E2%80%9D%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esounds%20like%20the%20complete%20opposite%20of%20Zero%20Trust.%20And%20we%20never%20know%20how%20the%20trusted%20AAD%20organization%20verified%20their%20identity.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3133478%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3133478%22%20slang%3D%22en-US%22%3E%3CP%3EResource%20tenants%20within%20the%20same%20organization%20its%20useful%2C%20cuts%20down%20on%20the%20overhead%20of%20subscribing%20another%20MFA.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3134327%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3134327%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F963316%22%20target%3D%22_blank%22%3E%40joeyvldn%3C%2FA%3E%26nbsp%3BGreat%20question!%26nbsp%3B%20One%20of%20the%20most%20frequent%20pieces%20of%20feedback%20we%20got%20from%20existing%20customers%20who%20enable%20B2B%20collaboration%20is%20that%20they%20wanted%20to%20minimize%20friction%20while%20still%20enabling%20secure%20collaboration.%20So%20if%20an%20organization%20I%20trust%2C%20say%20my%20main%20customer%20or%20supplier%2C%20has%20MFA%20policies%20for%20users%20who%20authenticate%20in%20their%20tenant%2C%20then%20I'm%20OK%20not%20asking%20that%20user%20to%20register%20for%20MFA%20in%20my%20tenant.%20It's%20a%20better%20user%20experience%20and%20less%20error%20prone.%26nbsp%3B%20However%2C%20not%20all%20customers%20will%20have%20that%20level%20of%20trust%20with%20other%20organizations%20and%20tenants%2C%20that's%20why%20the%20policy%20is%20configurable.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3134707%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3134707%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218763%22%20target%3D%22_blank%22%3E%40Robin%20Goldstein%3C%2FA%3E%26nbsp%3B%20that%20makes%20sense%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3135396%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3135396%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218763%22%20target%3D%22_blank%22%3E%40Robin%20Goldstein%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENice%20post%20and%20upcoming%20features.%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3EOne%20point%20that%20is%20always%20complicated%20is%20that%20a%20tenant%20is%20always%20displayed%20with%20an%20ID%20and%20nobody%20nether%20know%20what%20is%20what...%3C%2FP%3E%3CP%3EIf%20a%20user%20access%20an%20external%20tenant%2C%20we%20will%20see%20an%20ID%20in%20logs%20and%20the%20user%20will%20see%20a%20name%20for%20the%20tenant%20in%20his%20client%20applications.%20By%20this%20way%2C%20we%20have%20no%20chance%20to%20make%20corresponding%20things%20and%20perform%20a%20consistent%20analysis.%20How%20can%20I%20say%20to%20my%20user%3A%20%22Hey%20you%20access%20Xyz.com%20company%20with%20Teams%20and%20we%20will%20change%20that%20behavior%20soon!%22%3F%3C%2FP%3E%3CP%3EIn%20the%20other%20hand%2C%20when%20an%20external%20tenant%20access%20my%20tenant%20I%20also%20see%20an%20ID%20and%20the%20only%20way%20to%20find%20who%20could%20be%20owner%20of%20the%20tenant%20is%20to%20deal%20with%20email%20addresses%20that%20could%20give%20me%20an%20information.%3C%2FP%3E%3CP%3EI%20think%20that%20the%20information%20of%20the%20admin%20contact%20and%20organization%20name%20of%20tenants%20need%20to%20be%20displayed%2C%20linked%20to%20the%20tenant%20ID%2C%20in%20logs.%3C%2FP%3E%3CP%3EDo%20you%20think%20that%20there%20is%20a%20way%20to%20achieve%20that%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3135675%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3135675%22%20slang%3D%22en-US%22%3E%3CP%3EKind%20of%20small%20step%20in%20the%20right%20direction%2C%20but%20I%20would%20love%20if%20the%20identity%20team%20could%20even%20add%20more%20of%20the%20external%20identities%2C%20the%20part%20we%20have%20been%20using%20in%20Azure%20B2C%20our%20identity%20playground.%20I%20love%20the%20possibilities%20where%20tenant%20and%20the%20identity%20owner%20could%20have%20even%20more%20control.%20In%20B2C%20you%20can%20easy%20require%20through%20different%20Conditinal%20Access%20principles%20such%20as%20different%20elevation%20through%20different%20MFA%20factors%3B%20even%20yet%20another%20ID(entity)P(rovider)%20as%20a%20yet%20another%20MFA%20factor%20or%20even%20control%20the%20MFA%20handling%20OnPrem%20or%20in%20a%20different%20cloud.%20You%20can%20in%20B2C%20inspect%20and%20see%20if%20the%20external%20IDP%20or%20in%20the%20case%20above%20(multitenant%20tenant%20authentication)%20if%20the%20user%20has%20gone%20through%20the%20required%20way%20to%20identify%20the%20user%20(through%20different%20MFA%20factors)%20in%20a%20different%20tenant%2C%20if%20not%20do%20require%20a%20specific%20or%20some%20other%20MFA%20factor%20in%20the%20B2C%20tenant.%20In%20B2C%20we%20can%20also%20consider%20different%20groups%20or%20roles%20to%20pass%20through%20or%20transform%20to%20different%20authorization%20concepts%2C%20also%20different%20rule%20set%20to%20different%20Azure%20tenants%20and%20of%20course%20the%20ability%20to%20restrict%20different%20tenants.%20A%20very%20nice%20feature%20in%20B2C%20is%20also%20the%20possibility%20to%20have%20One%20Cloud%20identity%20to%20multiple%20identities%20belonging%20to%20different%20IDP%E2%80%99s.%20This%20makes%20it%20easy%20to%20migrate%20to%20a%20another%20and%20different%20IDP%20and%20make%20it%20also%20possible%20to%20use%20a%20federated%20IDP%20as%20yet%20another%20MFA%20factor.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20my%20friends%20in%20the%20identity%20team%20I%20have%20described%20a%20concept%20of%20A(zure)(External)I(dentity)G(ateway)%20where%20we%20not%20only%20are%20using%20the%20CAE%20concepts%2C%20but%20more%20wisely%20also%20use%20the%20whole%20benefit%20of%20Azure%20Sentinel%20to%20be%20a%20more%20active%20part%20adding%20possibilities%20through%20AI%20and%20more%20dynamic%20protect%20customers%20tenants%2C%20systems%20and%20solutions%20in%20a%20far%20more%20secure%20and%20active%20way%3A%20that%E2%80%99s%20the%20future%20of%20Z(ero)T(rust)A(rchitecture)%20and%20why%20we%20control%20(C)IAM%20concepts%20from%20the%20Azure%20Cloud.%3C%2FP%3E%3CP%3ERegarding%20the%20post%20bellow%2C%20I%20did%20also%20ask%20another%20friend%20of%20mine%20Vittorio%20when%20he%20was%20in%20the%20MS%20identity%20team%20the%20possibility%20to%20get%20some%20more%20info%20about%20the%20different%20tenants%2C%20sort%20of%20a%20lookup%20or%20the%20ability%20to%20do%20a%20callback%3B%20where%20the%20other%20tenant%20owner%20could%20accept%20or%20not%20to%20expose%20some%20human%20readable%20information%20on%20the%20tenant%20e.g.%20the%20tenant%20name%3B%20to%20the%20caller%20also%20dependent%20on%20callers%20tenant%20id.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EIt%20should%20be%20possible%20to%20use%20a%20lot%20more%20of%20the%20benefits%20we%20are%20using%20in%20B2C%20with%20Custom%20Policies%20also%20in%20the%20main%20tenant%2C%20not%20everywhere%20but%20at%20least%20in%20the%20different%20E(neterprice)App(lication)s.%20Some%20years%20ago%2C%20a%20friend%20of%20mine%20said%20this%20is%20something%20the%20office%20team%20will%20not%20allow%20and%20my%20replay%20just%20wait%20and%20see%3B%20the%20office%20team%20will%20love%20it%20when%20they%20know%20the%20benefits%20with%20those%20concepts%20and%20will%20take%20it%20even%20further.%20My%20dream%20is%20still%20One%20True%20Strong%20Identity%20in%20the%20clouds%20and%20if%20anyone%20is%20concerned%20with%20the%20ability%20to%20apply%20different%20licenses%20or%20other%20ways%20to%20control%20different%20features%3B%20they%20will%20have%20a%20lot%20more%20options.%20Customers%20are%20tenants%20in%20the%20clouds%20and%20would%20be%20even%20more%20satisfied%20customers%20if%20they%20can%20use%20more%20beneficial%20features.%20Just%20yet%20another%20reason%20why%20the%20customer%20will%20not%20be%20considering%20a%20different%20Cloud%20provider%20in%20the%20future%20or%20why%20new%20customers%20will%20choose%20the%20Azure%20Cloud%20or%20be%20part%20of%20their%20multi-Cloud%20strategy.%3C%2FP%3E%3CP%3EBTW%3A%3C%2FP%3E%3CP%3EAs%20we%20have%20shown%20Azure%20External%20Identities%20can%20be%20used%20in%20Azure%2C%20different%20clouds%20and%2For%20OnPrem%20where%20the%20tenant%20owner%20no%20longer%20have%20to%20steer%20on%20belfies%2C%20assumptions%2C%20feelings%20and%20their%20past%2C%20but%20on%20actual%20events%20and%20observations%20giving%20also%20the%20customers%20better%20insights%20on%20their%20future%20directions%2C%20development%20and%20investments.%20When%20the%20customers%20are%20in%20the%20clouds%20there%E2%80%99s%20a%20lot%20more%20and%20far%20better%20options%20to%20build%20secure%20and%20reliable%20systems.%20Another%20dream%20would%20be%20that%20Sentinel%20was%20just%20part%20of%20the%20Azure%20platform%3B%20just%20as%20Azure%20AD%2C%20making%20if%20far%20easier%20for%20customers%20to%20stay%20secure%20in%20the%20clouds.%3C%2FP%3E%3CP%20class%3D%22%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3EBest%20regards%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3EMrSmith%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3136369%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3136369%22%20slang%3D%22en-US%22%3E%3CP%3EHey%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218763%22%20target%3D%22_blank%22%3E%40Robin%20Goldstein%3C%2FA%3E%26nbsp%3B-%20this%20could%20be%20a%20little%20misleading.%26nbsp%3B%20Cross%20cloud%20typically%20means%20a%20user%20in%20a%20commercial%20tenant%20accessing%20a%20resource%20in%20a%20sovereign%20cloud%20(21v%20or%20GCC%20High)%2C%20and%20vice%20versa.%26nbsp%3B%20This%20article%20makes%20no%20reference%20to%20sovereign%20tenants%20so%20im%20assuming%20the%20scenarios%20outlined%20here%20are%20really%20directed%20at%20users%20in%20a%20commercial%20tenant%20accessing%20resources%20in%20a%20separate%20commercial%20tenant%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20clarify%20please%3F%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3137792%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3137792%22%20slang%3D%22en-US%22%3E%3CP%3EDo%20we%20have%20an%20estimation%20date%20for%20this%20feature%20to%20be%20ready%20for%20production%3F%20I%20think%20is%20super%20interesting%20%3Asmiling_face_with_heart_eyes%3A%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3143282%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3143282%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20there%20any%20negatives%20for%20using%20this%20over%20Azure%20Lighthouse%20if%20all%20you%20need%20from%20Lighthouse%20is%20identity%20management%20and%20not%20other%20resource%20management%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3143857%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3143857%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F456341%22%20target%3D%22_blank%22%3E%40AnthonyEY%3C%2FA%3E%26nbsp%3Bthis%20article%20is%20about%20securing%20collaboration%20across%20different%20directories%20in%20the%20same%20cloud.%20The%20capabilities%20work%20in%20both%20sovereign%20and%20commercial%20environments.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3143992%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3143992%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1301004%22%20target%3D%22_blank%22%3E%40David_Alvarez790%3C%2FA%3E%26nbsp%3Bwe'll%20make%20these%20capabilities%20generally%20available%20in%20the%20near%20future.%26nbsp%3B%3CBR%20%2F%3EWe%20actually%20have%20a%20number%20of%20customers%20using%20these%20capabilities%20in%20production%20already%20%3A)%3C%2Fimg%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20the%20meantime%2C%20would%20love%20to%20hear%20from%20you%20on%20how%20the%20features%20are%20working%20for%20you%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3144202%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3144202%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F332632%22%20target%3D%22_blank%22%3E%40Sangeeta_Ranjit%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20info%2C%20from%20my%20point%20of%20view%20the%20only%20thing%20that%20I%20didn't%20like%20yesterday%20when%20I%20was%20testing%20it%20was%20that%20I%20needed%20to%20invite%20users%20from%20Tenant%20B%20to%20Tenant%20A%20to%20allow%20them%20to%20login%20into%20one%20application%20of%20the%20Tenant%20A.%20Is%20it%20possible%20to%20allow%20users%20to%20login%20without%20send%20them%20the%20invite%3F%20I%20think%20at%20least%20with%20the%20current%20is%20not%20possible%2C%20but%20will%20you%20allow%20that%20scenario%20in%20the%20future%3F%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20have%20to%20cover%20a%20case%20in%20our%20company%20with%20multiple%20tenants%20and%20we%20were%20developing%20a%20custom%20policy%20using%20Azure%20AD%20B2C%20but%20yesterday%20I%20read%20about%20this%20new%20functionality%20and%20from%20my%20point%20of%20view%20this%20approach%20is%20a%20lot%20better%20as%20we%20don't%20need%20to%20use%20any%20XML%20file%20related%20to%20custom%20policies%20and%20everything%20is%20configured%20using%20the%20portal.%20The%20only%20pro%20that%20I%20see%20now%20about%20the%20Azure%20AD%20B2C%20approach%20is%20that%20we%20don't%20need%20to%20invite%20any%20user%20from%20Tenant%20B%20to%20Tenant%20A%20to%20allow%20them%20to%20login.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3146202%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3146202%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1002353%22%20target%3D%22_blank%22%3E%40NicolasHon%3C%2FA%3E%26nbsp%3Bthat's%20a%20great%20point.%20We%20are%20looking%20at%20ways%20to%20appropriately%20expose%20human%20readable%20tenant%20names%20in%20a%20way%20that%20doesn't%20compromise%20privacy%20or%20proprietar%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3146213%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3146213%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F207021%22%20target%3D%22_blank%22%3E%40Kjetil%20Smith%3C%2FA%3E%26nbsp%3BThere's%20a%20lot%20of%20great%20stuff%20in%20your%20dream!%20Especially%20about%20how%20the%20customizability%20of%20the%20B2C%20system%20can%20be%20useful%20for%20B2B%20and%20external%20identities%20-%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F70095%22%20target%3D%22_blank%22%3E%40Kelvin%20Xia%3C%2FA%3E%26nbsp%3Band%20his%20team%26nbsp%3B%20working%20really%20hard%20to%20make%20that%20dream%20a%20reality.%20Maybe%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F216408%22%20target%3D%22_blank%22%3E%40Nitika%20Gupta%3C%2FA%3E%26nbsp%3Band%20her%20teams%20have%20some%20thoughts%20on%20the%20zero%20trust%20concepts%20you%20are%20proposing%20as%20well.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECheers%20and%20thanks%20for%20the%20great%20feedback%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3146405%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3146405%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218763%22%20target%3D%22_blank%22%3E%40Robin%20Goldstein%3C%2FA%3E%2C%20good%20news!%20Does%20this%20solve%20the%20problem%20of%20doing%20tenant%20switching%20in%20Teams%20for%20example%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3146512%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3146512%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F544413%22%20target%3D%22_blank%22%3E%40hsoares%3C%2FA%3E%26nbsp%3BTeams%20shared%20channels%20which%20will%20solve%20the%20problem%20of%20tenant%20switching%20in%20Teams%20will%20be%20coming%20your%20way%20soon!%20Please%20stay%20tuned!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3146633%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3146633%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1301004%22%20target%3D%22_blank%22%3E%40David_Alvarez790%3C%2FA%3E%26nbsp%3Babsolutely!%20You%20can%20have%20guest%20users%20in%20your%20organization%20without%20necessarily%20sending%20them%20invitation%20emails.%20You%20can%20simply%20send%20your%20external%20users%20a%20link%20to%20your%20application%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fexternal-identities%2Fadd-user-without-invite%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdd%20B2B%20guests%20without%20an%20invitation%20link%20or%20email%20-%20Azure%20AD%20%7C%20Microsoft%20Docs%3C%2FA%3E)%20or%20enable%20self-service%20sign%20up%20for%20these%20users%20to%20access%20your%20application%2C%20where%20everything%20is%20configured%20using%20the%20portal%20as%20well%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fexternal-identities%2Fself-service-sign-up-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESelf-service%20sign-up%20for%20External%20Identities%20-%20Azure%20AD%20%7C%20Microsoft%20Docs%3C%2FA%3E).%3C%2FP%3E%3CP%3EHope%20this%20helps.%20Pls.%20let%20me%20know%20if%20you%20have%20any%20questions.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3147541%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3147541%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F332632%22%20target%3D%22_blank%22%3E%40Sangeeta_Ranjit%3C%2FA%3E%26nbsp%3BThanks%20for%20your%20help%2C%20the%20links%20are%20actually%20very%20helpful%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%408341BD79091AF36AA2A09063B554B5CD%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E.%20I%20would%20take%20the%20opportunity%20to%20ask%20for%20the%20Azure%20AD%20B2C%20roadmap%2C%20is%20there%20any%20plan%20to%20change%20the%20way%20to%20create%20custom%20policies%3F%20The%20current%20way%20to%20handle%20them%20using%20very%20complicated%20XML%20syntax%20is%20not%20very%20helpful%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%409839A717402516D64549B98324F4F0C1%2Fimages%2Femoticons%2Fsad_40x40_1.gif%22%20alt%3D%22%3Asad%3A%22%20title%3D%22%3Asad%3A%22%20%2F%3E.%20Is%20there%20any%20place%20at%20Microsoft%20websites%20where%20we%20can%20see%20the%20roadmap%20of%20Azure%20AD%20B2C%20in%20the%20same%20way%20as%20we%20can%20see%20it%20for%20Azure%20DevOps%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20in%20advance.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3149970%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3149970%22%20slang%3D%22en-US%22%3E%3CP%3EInteresting%20feature%20and%20it%20will%20help%20to%20build%20a%20Zero%20Trust%20(or%20better%20Zero%2BN%20Trust)%20environment.%3C%2FP%3E%3CP%3EIt%20looks%20like%20we're%20getting%20closer%20to%20a%20setup%20where%20we%20can%20share%20more%20information%20across%20tenants.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELong%20time%20ago%2C%20behind%20reproached%20hand%2C%20I%20heard%20the%20name%20Tenant%20Friending.%3C%2FP%3E%3CP%3ECan%20you%20share%20more%20information%20on%20that%20as%20well%3F%3CBR%20%2F%3EWhen%20can%20we%20expect%20for%20example%20the%20ability%20to%20find%20other%20%22trusted-tenant-identites%22%20in%20our%20tenant%20services%2C%20e.g.%20ExO%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20would%20be%20great%20if%20we%20can%20eliminate%20soon%20the%20need%20to%20build%20a%20process%20(or%20avoid%26nbsp%3BADSS%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2F%408341BD79091AF36AA2A09063B554B5CD%2Fimages%2Femoticons%2Fsmile_40x40.gif%22%20alt%3D%22%3Asmile%3A%22%20title%3D%22%3Asmile%3A%22%20%2F%3E)%20to%20keep%20our%20quickly%20stale%20B2B%20objects%20up%20to%20date.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%2C%3C%2FP%3E%3CP%3EValentin%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3150227%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3150227%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20this%20functionality%20like%20trusting%20MFA%20claims%2C%20device%20state%20etc.%20need%20accounts%20from%20the%20remote%20tenant%20to%20be%20provisioned%20as%20guests%20in%20our%20tenant%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3150326%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3150326%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20use%20this%20feature%20to%20verify%20that%20a%20particular%20domain%20has%20a%20Microsoft%20tenant.%20Is%20this%20the%20expected%20behavior%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3150793%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3150793%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F97879%22%20target%3D%22_blank%22%3E%40ValentinH%3C%2FA%3E%26nbsp%3Binteresting%20points.%20Certainly%20looking%20to%20making%20the%20experiences%20better%20for%20cross-organizational%20collaboration.%20Would%20love%20to%20understand%20the%20process%20you%20have%20to%20keep%20the%20B2B%20objects%20up%20to%20date.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3150838%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3150838%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218383%22%20target%3D%22_blank%22%3E%40NITIN%20SHUKLA%3C%2FA%3E%26nbsp%3Bcross-tenant%20access%20settings%20is%20for%20external%20users%20that%20have%20a%20footprint%20in%20your%20organization%20as%20a%20guest%20user.%20Trusting%20MFA%20claims%20and%20device%20claims%20help%20you%20maintain%20your%20security%20posture%20in%20your%20organization%20while%20making%20the%20experiences%20for%20the%20guest%20user%20better.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3150840%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3150840%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F542889%22%20target%3D%22_blank%22%3E%40mohessu%3C%2FA%3E%26nbsp%3BI'm%20not%20sure%20I%20understand%20your%20question.%20Would%20appreciate%20if%20you%20could%20clarify.%20The%20capabilities%20of%20cross-tenant%20access%20settings%20let%20you%20set%20granular%20controls%20around%20who%20in%20your%20organization%20can%20access%20external%20resources%20and%20which%20external%20users%20can%20access%20your%20apps%20and%20resources.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3151576%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3151576%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1301004%22%20target%3D%22_blank%22%3E%40David_Alvarez790%3C%2FA%3E%26nbsp%3Btagging%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F734357%22%20target%3D%22_blank%22%3E%40pawann%3C%2FA%3E%26nbsp%3Bfor%20the%20Azure%20AD%20B2C%20roadmap.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3151596%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3151596%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F434938%22%20target%3D%22_blank%22%3E%40bobsyouruncle%3C%2FA%3E%26nbsp%3BI%20think%20your%20idea%20would%20be%20ok.%20Please%20let%20us%20know%20if%20your%20scenarios%20are%20being%20met.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3166050%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3166050%22%20slang%3D%22en-US%22%3E%3CP%20data-pm-slice%3D%221%201%20%5B%5D%22%3EOne%20of%20my%20customer%20wants%20to%20confirm%20%22Will%20trust%20MFA%20work%20with%20the%201st%20application%20like%20sharepoint%22%2C%20can%20we%20have%20the%20confirmation%20here%3F%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218763%22%20target%3D%22_blank%22%3E%40Robin%20Goldstein%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3166294%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3166294%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F332632%22%20target%3D%22_blank%22%3E%40Sangeeta_Ranjit%3C%2FA%3E%26nbsp%3B%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F734357%22%20target%3D%22_blank%22%3E%40pawann%3C%2FA%3E%26nbsp%3BAny%20news%20about%20Azure%20AD%20B2C%20roadmap%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20%E2%9D%A4%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3167471%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3167471%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20this%20the%20same%20as%20setting%20up%20a%20two-way%20forest%20trust%20with%20on-prem%20AD%20servers%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAt%20first%20this%20doesn't%20shout%20out%20as%20being%20so%20but%20then%20there%20are%20a%20lot%20of%20similarities.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3174788%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3174788%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218763%22%20target%3D%22_blank%22%3E%40Robin%20Goldstein%3C%2FA%3E%26nbsp%3Bwe%20saw%20some%20odd%20behavior%20with%20SSMS%20when%20enabling%20this%20feature%2C%20can%20your%20team%20review%3F%20...%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fanswers%2Fquestions%2F738509%2Fcross-tenant-access-settings-for-external-collabor.html%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fanswers%2Fquestions%2F738509%2Fcross-tenant-access-settings-for-external-collabor.html%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3174796%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3174796%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F701474%22%20target%3D%22_blank%22%3E%40chad%3C%2FA%3E%26nbsp%3Bthanks%20for%20the%20report%2C%20I'll%20send%20it%20to%20the%20team%20to%20debug%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3179508%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3179508%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F701474%22%20target%3D%22_blank%22%3E%40chad%3C%2FA%3E%26nbsp%3Bthank%20you%20for%20reporting%20the%20issue!%20Would%20you%20be%20able%20to%20give%20some%20additional%20debug%20information%20please%3F%20I%20can%20direct%20message%20you%2C%20if%20that'd%20work.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3190312%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3190312%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218763%22%20target%3D%22_blank%22%3E%40Robin%20Goldstein%3C%2FA%3E%3CSPAN%3E%2C%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3Ewhat%20the%20difference%20is%20between%20%22Cross-tenant%20Access%20Settings%22%20and%20%22Connected%20organizations%20Settings%22%3F%20Is%20possible%20to%20list%20external%20tenant%20identities%26nbsp%3Bwithout%20new%20catalog%20and%20entitlement%20management%3F%26nbsp%3BAccording%20to%20the%20documentation%2C%20I%20got%20the%20impression%20that%20it%20should%20work%20independently%20without%26nbsp%3BConnected%20organizations.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EThank%20you%20for%20your%20response!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3222798%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3222798%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F220044%22%20target%3D%22_blank%22%3E%40ZdeKor%3C%2FA%3E%26nbsp%3BYou're%20correct%20that%20Cross%20Tenant%20Access%20Settings%20and%20Connected%20Organizations%20are%20separate%20entities.%20Cross%20Tenant%20Access%20Settings%20applies%20to%20Azure%20AD%20tenants%20as%20a%20whole.%20Connected%20Organizations%20applies%20to%20specific%20domains%20and%20will%20require%20users%20of%20that%20domain%20to%20authenticate%20with%20either%201)%20An%20Azure%20AD%20tenant%20associated%20with%20that%20domain%2C%202)%20A%20federated%20provider%20(aka%20direct%20federation%20has%20been%20setup%20for%20that%20domain)%2C%20or%203)%20Email%20OTP.%20Cross%20Tenant%20Access%20Settings%20enforces%20inbound%2Foutbound%20controls%20to%20any%20application%20in%20the%20policy's%20scope.%20Connected%20Orgs%20are%20essentially%20only%20used%20when%20going%20to%20the%20MyAccess%20Portal%20to%20request%20Access%20Packages%2C%20etc.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3222828%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3222828%22%20slang%3D%22en-US%22%3E%3CP%3EMaybe%20someone%20will%20offer%20to%20draw%20some%20simple%20real-world%20examples%2C%20say%20a%20top%205%20or%20top%2010.%3C%2FP%3E%3CP%3Eeg%3A%3C%2FP%3E%3CP%3ECustomer%20is%20using%20'cloud%20app%20A'%20which%20supports%20SSO%20via%20AAD.%20And%20they%20want%20a%20contractor%20to%20login%20to%20this%20app%20using%20their%20AAD%2C%20but%20have%20no%20other%20access%20to%20their%20tenant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3241357%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3241357%22%20slang%3D%22en-US%22%3E%3CP%3EHi!%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20testing%20this%20interesting%20feature%20to%20be%20able%20to%20login%20in%202%20different%20tenants%20using%20one%20Blazor%20project%2C%20I'm%20able%20to%20login%20properly%20with%20users%20from%20both%20tenants%20but%20I'm%20only%20able%20to%20get%20the%20upn%20claim%20for%20the%20main%20domain%20tenant%20users%20not%20from%20the%20external%20tenant%2C%20is%20there%20anything%20I%20need%20to%20configure%20for%20that%3F%20Thanks%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3263491%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3263491%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you!%20You%20really%20have%20heard%20%3Asmiling_face_with_smiling_eyes%3A%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3269615%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3269615%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F359428%22%20target%3D%22_blank%22%3E%40aaron001%3C%2FA%3E%26nbsp%3B%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3276404%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3276404%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20update!%20Is%20great!%20As%20far%20as%20I%20can%20implement.%3C%2FP%3E%3CP%3EIs%20it%20also%20possible%20currently%20to%20share%20global%20address%20books%20between%20two%20tenants%3F%20I%20cannot%20seem%20to%20find%20any%20feature%20related%20intel%20about%20this.%20Sorry%20if%20this%20is%20a%20stupid%20question.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3276430%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3276430%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1353789%22%20target%3D%22_blank%22%3E%40Kevin_van_t_IJssel%3C%2FA%3E%26nbsp%3BI%20have%20been%20asking%20about%20the%20same%20feature%20too.%20As%20far%20as%20I%20know%2C%20cross%20tenant%20GAL%20sharing%20or%20even%20lookup%20is%20currently%20not%20available.%20You%20have%20to%20use%20out%20of%20band%20processes%20to%20sync%20objects%20between%20AAD%20directories.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3276431%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3276431%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F218383%22%20target%3D%22_blank%22%3E%40NITIN%20SHUKLA%3C%2FA%3E%26nbsp%3Bsounds%20pretty%20stupid..%20(apologies%20for%20my%20words!)%3CBR%20%2F%3EHow%20did%20you%20actually%20resolve%20it%20yourself%3F%20Do%20you%20use%20any%20powershell%20script%20to%20sync%20all%20data%20between%20both%20tenants%3F%20Or%20what%20direction%20do%20I%20need%20to%20look%3F%20Because%20I%20am%20not%20really%20into%20exporting%20daily%20manually%20and%20assign%20it%20to%20a%20computer.%20I%20hope%20there%20is%20a%20way%20to%20sync%20between%20both%20AAD%20directories..%20Question%20is%2C%20how%3F%20I%20found%20an%20external%20tool%20called%20GALSync%2C%20but%20it%20costs%20pretty%20much%20as%20far%20as%20I%20can%20see..%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrently%20looking%20for%20days..%20But%20seem%20to%20find%20nothing%20really%20working%20out%20that%20can%20be%20maintained%20easily%20except%20alternative%20developed%20applications...%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3276914%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3276914%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1353789%22%20target%3D%22_blank%22%3E%40Kevin_van_t_IJssel%3C%2FA%3E%26nbsp%3Bwe%20are%20a%20pretty%20large%20setup%20and%20sync%20%26gt%3B100K%20objects%20therefore%20we%20opted%20to%20use%20the%20ADSS%20sync%20service%20which%20Microsoft%20provides.%20Think%20about%20it%20as%20a%20sync%20engine%20hosted%20and%20maintained%20by%20Microsoft.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3277412%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3277412%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F332632%22%20target%3D%22_blank%22%3E%40Sangeeta_Ranjit%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20a%20big%20fan%20of%20this%20feature.%20Thanks%20for%20implementing%20this.%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20any%20plans%20making%20it%20possible%20to%20trust%20AppProtection-Policies%20(Intune%20MAM)%20in%20addition%20to%20the%20compliance-state%3F%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20Axel%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3283630%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3283630%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20there%20any%20plans%20to%20expand%20B2B%20direct%20connect%20beyond%20Teams%20Connect%20shared%20channels%3F%26nbsp%3B%20I%20know%20one%20organization%20that%20would%20love%20to%20be%20able%20to%20provide%20access%20to%20SharePoint%20Communication%20sites%20using%20B2B%20direct%20connect.%26nbsp%3B%20If%20it%20was%20possible%20today%2C%20they%20would%20most%20likely%20adopt%20B2B%20direct%20connect%20with%20Teams%20Connect%20shared%20channels.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3283657%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3283657%22%20slang%3D%22en-US%22%3E%3CP%3ENowhere%20in%20the%20Microsoft%20documentation%20for%20Cross-tenant%20access%20settings%20does%20it%20mention%20if%20B2B%20collaboration%20and%20B2B%20direct%20connect%20are%20mutually%20exclusive.%26nbsp%3B%20I%20tested%20in%20my%20lab%20and%20found%20that%20I%20could%20configure%20B2B%20collaboration%20to%20block%20access%20both%20inbound%20and%20outbound%20in%20the%20two%20tenants%20that%20would%20be%20used%20to%20test%20B2B%20direct%20connect%20and%20then%20configured%20a%20one-way%20mutual%20trust%20relationship%20from%20my%20resource%20tenant%20(B2B%20direct%20connect%20incoming%20settings)%20and%20home%20tenant%20(B2B%20direct%20connect%20outbound%20settings).%26nbsp%3B%20Once%20I%20enabled%20the%20Teams%20preview%20feature%20and%20a%20few%20other%20hoops%2C%20and%20waited%20for%20the%20mutual%20trust%20to%20be%20created%2C%20I%20was%20able%20to%20create%20a%20Teams%20shared%20channel.%26nbsp%3B%20Added%20a%20user%20from%20the%20home%20tenant%20as%20a%20member%20of%20the%20Teams%20shared%20channel%20and%20tested%20Posts%20and%20File%20sharing%20so%20far.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3283959%22%20slang%3D%22en-US%22%3ERe%3A%20Collaborate%20more%20securely%20with%20new%20cross-tenant%20access%20settings%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3283959%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1360259%22%20target%3D%22_blank%22%3E%40garyrhoward%3C%2FA%3E%26nbsp%3Band%20others%20thanks%20for%20the%20feedback%20and%20questions.%20There%20is%20ongoing%20work%20to%20support%20cross%20tenant%20collaboration%20for%20multi%20tenant%20organizations%20for%20scenarios%20%26nbsp%3Blike%20file%20sharing%20and%20GAL%20sync.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Feb 07 2022 06:10 AM
Updated by: