Azure- and O365-Architecture for Affiliated Group Companies


My enterprise (an affiliated group of several manufacturing companies) is in the conceptual design phase of adopting Office 365 and Azure. The individual companies share very little in common. Actually, it is quite usual in our industry to sell a complete company to another group. So over time it is likely that single companies from our group will leave and others will join.

Nevertheless, there are decision makers who wish that all companies share the same domain, which gives us (the IT departments of the individual companies) quite a headache. One perhaps important note: they are primarily thinking in "email addresses", meaning we shall at least share the same email domains. So my questions are:

  • What drawbacks do we have to consider having one single tenant?
  • What drawbacks do we have to consider having multiple tenants?
  • Is there a way to share one domain for emails while each affiliated company can have their own tenant?
2 Replies
You cannot share one domain across multiple tenants. You can configure RBAC for permissions or leverage 3rd party tools like 4ward etc.
I would suggest looking into ADFS 3.0 and FIM as a possible solution. Are there already trusts in place between groups? Having a single forest would make this a lot easier. If the ultimate goal is for every affiliated group to have the same email / login, that means each group's AD would have to use the same UPN or a custom attribute to sync to Azure AD. Each tenant will be billed separately; with a single tenant you would have one bill for all the groups. This is a very complicated question, and to provide a real answer would take some O365 planning days from a consultant, which you likely have with your EA; just speak with your Microsoft account rep.