Cross AAD Tenant Identity setup for M365

Occasional Visitor

This is a school setup, requiring 2 ADs for physical separation of corp user and Faculty/student users. M365 for EDU with F1 licences has been choosen, the school name to be use as the domain name. The default AD that came with the M365 subscription has faculty/student users, added another AAD for corp users. So the AAD setup looks something like EDU.onmicrosoft.com and corp.onmicrosoft.com both under the same M365 subscription. 

 

This is a new setup and users in EDU tenant have been setup emails in the new M365 but users in CORP do not have emails setup. Plan is to invite them into EDU tenant as internal ADD users and assign them licences. So end result is all the users from both EDU and CORP can use the same domain for the School.com 

 

I have managed to invite a single user from corp into EDU. This user can login can now log into the EDU azure portal and also shows up under the guest user on the office adminportal. 

 

So, a user with UPN - johh@corp.onmicrosoft.com has now  become John_corp.onmicrosoft.com#EXT#@EDU.onmicrosoft.com 

 

however the email address that shows up on office admin portal is john@edu.onmicrosoft.com. 

 

When i try to add the user to an email client...or log in to office.com the login fails with "his username may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin."

 

What am I missing.....please help! 

 

1 Reply
Guest users cannot have mailboxes in another tenant. For your scenario, you need to either add all users to the same tenant (look into GAL segmentation and Information barriers for separating them: https://docs.microsoft.com/en-us/microsoftteams/information-barriers-in-teams) or use two separate tenants, with each user having a mailbox in their respective "home" tenant. Guest access can then be used to grant access to SPO sites or Teams.