Evaluating Azure Cross-Tenant Synchronization: Benefits and Concerns
We’re looking into this Azure feature and how it would benefit the 4 tenants we manage. Reading MS learn and other articles, they highlight many of the benefits, but what about the got chas? Several areas of concern right off the bat are: How are users affected with devices not in Intune from one tenant (child - them) accessing a tenant with active CAPs (primary - us) that require compliant enrolled devices? Does the sync take precedence over the CAPs (Conditional Access Policies)? Are there any effects on guest user (b2b) access? How does this affect established SharePoint/OneDrive sharing access. Are the SP/OD sharing settings still in affect? When you sync identities, do you have granular control what gets synced and to what resources? https://learn.microsoft.com/en-us/entra/identity/app-provisioning/known-issues?pivots=app-provisioning#special-characters-are-not-supported-on-joining-properties brings up an issue with special characters. Our child tenants are in the EU, Africa, and in China that use them. Has anyone had issues? Thank you in advance sharing your experiences with this.
Dynamic membership rules
Hello, I need to create a dynamic group that contains only active users, and I would like to filter other Azure AD attributes, such as the position for example. I was not able to proceed even analyzing the documentation. Does anyone have experience with creating custom dynamic association rules? Is it possible?