09-27-2019 10:28 AM
I have a user (John Smith) that is a financial adviser for Ajax Investments (Ajax.xom). Ajax has 950 independent financial advisers throughout the United States. Ajax is responsible for providing each independent financial adviser an email account that meets SEC rules, which require email journaling, so the minimum O365 seat they provide to John Smith would be E3. Ajax provides an email address of JohnSmith@Ajax.xom to John Smith, and it is a regular user account without access to administrator or domain administrator functions. Ajax has SharePoint and OneDrive disabled for all users in the Ajax.com domain. Ajax has MFA (multi-factor authentication) enabled for JohnSmith@Ajax.xom.
Ajax.xom told John Smith to purchase a new domain of mydomain.com and create a new Office 365 account using mydomain.com as the tenant domain for SharePoint and OneDrive. John Smith does not intend to use his email address of firstname.lastname@example.org at all and is forbidden to use it for business by SEC rules since it is not being filtered for bad advice, keywords, and has no email journaling. Ajax is requiring MFA (multi-factor authentication) to be enabled for email@example.com.
John Smith is using OWA with his JohnSmith@Ajax.xom account and wants to attach a 300 MB file, and OWA prompts him with the option to upload it to OneDrive and send a link to the recipient. How will this work given there are two different domains involved?
John Smith is setting up JohnSmith@Ajax.xom on his smartphone for emailing clients along with SharePoint and OneDrive firstname.lastname@example.org. The email account JohnSmith@Ajax.xom is using MFA. The SharePoint account tied to email@example.com and the OneDrive account tied to firstname.lastname@example.org are using MFA. How will this work given there are two different domains involved?
It seems to me that this setup is counterintuitive to how Office 365 is designed and supported. We have a difficult time supporting users with 1 domain in Office 365 email, SharePoint, and OneDrive using MFA on a daily basis with all the things that arise.
I appreciate input from the community, especially from anyone that has tried this recently.
09-30-2019 12:13 PM
@TJmustangTJ Your post is very long and very confusing. The most important thing is missing: What are you trying to achieve? I don't get why you create tenants for individual users.
09-30-2019 01:24 PM - edited 09-30-2019 01:25 PM
Thanks for your response. Unfortunately I do not think I can make my post shorter. I have a user that is provided an email account (JohnSmith@Ajax.xom) that is hosted on Office 365 and the user does not have admin rights to anything. The user will be forced to use MFA on this email account. OneDrive and SharePoint are disabled on the Office 365 account associated with JohnSmith@Ajax.xom. The user is going to create an individual Office 365 account with a tenant mydomain.com. The user will assign himself an email account of email@example.com and use OneDrive and SharePoint under mydomain.com with MFA. How will all this work on the same PC with Outlook and the same smartphone? @Daniel Niccoli
10-01-2019 12:12 AM - edited 10-01-2019 12:13 AM
@TJmustangTJ If you do not connect the computer to Azure AD, then you can just sign in to each app with the required account. If you access web services, you need a different browser or browser profile for each tenant.
However, there is no cross-service access (Outlook/ajax.com accessing files on OneDrive/mydomain.com). Office 365 is not really meant to be used by a single person with multiple tenants. If you need that, then you're having a management problem rather than a technical problem and the user should have all services accessible under one tenant.
10-01-2019 08:04 AM
Thanks for the response. I agree with the statement "Office 365 is not really meant to be used by a single person with multiple tenants." One major problem I foresee is John Smith is a financial adviser under Ajax and must use JohnSmith@Ajax.xom when communicating with clients because of SEC rules. What will happen when John Smith is composing an email in OWA using the JohnSmith@Ajax.xom account and he needs to attach a large file? OWA will offer to upload the file to OneDrive and send a link. Ajax has OneDrive associated with JohnSmith@Ajax.xom disabled and instructed John Smith to create OneDrive tied to firstname.lastname@example.org. I do not think John Smith will ever be able to seamlessly use OneDrive from email@example.com with OWA email under JohnSmith@Ajax.xom. I have had lengthy discussions with Ajax expressing my concerns and that they are attempting to use Office 365 in a way it was never designed to be used. @Daniel Niccoli