Forum Discussion
multiple companies in one tenant
Yes, you can create "management scopes" that limit the users/mailboxes which a particular admin can manage. You can also create "exclusive" scopes which prevent any other admins from touching the mailbox. It's a very robust model, and would be nice to see it expand to other workloads (for example the SCC now has some similar controls).
I couldnt find an article tailored for ExO , but this one should give you the idea behind management scopes: https://technet.microsoft.com/en-us/library/dd351083(v=exchg.150).aspx
With that set of requirements, I would recommend using separate tenants for each company, and then using Azure B2B to simplify authentication between tenants. Each tenant would be able to keep administration separated and implement their own DLP and governance policies as necessary. Advanced Security Management could be used to provide oversight of admin actions. It may even make sense to have another tenant for the Holdings organization for the people that run that business. Granted this would be more complicated, but, corporate structures like this are inherently complicated and should expect to incur additional costs when they have complex regulatory scenarios.
