As businesses move to the cloud, and to Microsoft Azure in particular, centralization becomes a matter of paramount importance. Whether it is your security policies or your Microsoft 365 apps, you and your IT security team need to be able to reach critical information and data within minutes in order to avoid becoming the victim of a cyberattack.

In this article, we provide an overview of how tenant centralization works in Azure.

What Is Recommended

Microsoft recommends using only one Microsoft Entra tenant (Entra ID is the new name for Azure Active Directory). The primary reason is that a single tenant greatly simplifies policy management, and it also reduces the capital (CapEx) and operating (OpEx) expenditure that additional tenants would incur. There are, however, situations in which a business may need more than one tenant:

* Your business has multiple subsidiaries operating in different industries.

* You have offices in different geographic locations around the world.

* Depending on the country or state in which you do business, you may be bound by different data privacy laws, such as GDPR, HIPAA, or CCPA.

* Your business may be acquired, or you may acquire other organizations.

If you do need multiple Entra tenants, the best choice for consolidating their management is Azure Lighthouse. Azure delegated resource management, the capability underlying Lighthouse, lets you onboard subscriptions from multiple tenants so that they can be managed from one central location, all at once, rather than having to work through each tenant individually.

More information about Azure Lighthouse can be found at the link below:

https://learn.microsoft.com/en-us/azure/lighthouse/overview

More information about Azure delegated resource management can be found at this link:

https://learn.microsoft.com/en-us/azure/lighthouse/concepts/architecture

An Example

Suppose your business starts out with a single tenant, Tenant A. Later, through a merger and acquisition process, you buy two new companies, which become subsidiaries. Each of them brings its own tenant, so you now also have Tenant B and Tenant C.

Your business wants to apply the same policy definitions, backup practices, and security processes across all three tenants (A, B, and C). Since the users and their profiles already exist, you can use the tools mentioned above to onboard the Microsoft 365 and Azure subscriptions from Tenant B and Tenant C into Tenant A. Tenant A then becomes the managing tenant, and all policies and management resources can be centralized in a single dashboard.

An example of this arrangement is illustrated in the figure from source 1 (image not reproduced here).
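As an added example (not from the original article and not Microsoft's own sample), the following ARM template shows what the onboarding described above looks like in practice. It is deployed at subscription scope inside Tenant B (or Tenant C, the tenants being managed) and delegates that subscription to Tenant A. Every GUID, display name and offer name below is an assumed placeholder, except the role definition ID, which is the built-in Azure Reader role; the assumed principal is a security group in Tenant A, so membership of that group, rather than per-user role assignments, controls who in Tenant A can see the delegated subscription. The template deliberately grants read-only access, which is enough for centralized policy review and monitoring and keeps the delegated permissions minimal.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "type": "string",
      "defaultValue": "Tenant A central security operations",
      "metadata": { "description": "Assumed offer name; shown to Tenant B/C admins in the Azure Lighthouse blade." }
    },
    "mspOfferDescription": {
      "type": "string",
      "defaultValue": "Read-only delegation of this subscription to the Tenant A security team",
      "metadata": { "description": "Assumed description; explains to the managed tenant what is being delegated." }
    },
    "managedByTenantId": {
      "type": "string",
      "defaultValue": "00000000-0000-0000-0000-000000000000",
      "metadata": { "description": "PLACEHOLDER: Entra tenant ID of Tenant A, the managing tenant." }
    },
    "authorizations": {
      "type": "array",
      "defaultValue": [
        {
          "principalId": "11111111-1111-1111-1111-111111111111",
          "principalIdDisplayName": "Tenant A - Security Readers group (placeholder)",
          "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"
        }
      ],
      "metadata": { "description": "principalId is a PLACEHOLDER object ID of a group in Tenant A; roleDefinitionId is the built-in Reader role. Add further entries only for roles the central team genuinely needs." }
    }
  },
  "variables": {
    "mspRegistrationName": "[guid(parameters('mspOfferName'))]",
    "mspAssignmentName": "[guid(parameters('mspOfferName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedServices/registrationDefinitions",
      "apiVersion": "2020-02-01-preview",
      "name": "[variables('mspRegistrationName')]",
      "properties": {
        "registrationDefinitionName": "[parameters('mspOfferName')]",
        "description": "[parameters('mspOfferDescription')]",
        "managedByTenantId": "[parameters('managedByTenantId')]",
        "authorizations": "[parameters('authorizations')]"
      }
    },
    {
      "type": "Microsoft.ManagedServices/registrationAssignments",
      "apiVersion": "2020-02-01-preview",
      "name": "[variables('mspAssignmentName')]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      ],
      "properties": {
        "registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      }
    }
  ]
}
```

The registration definition describes who in Tenant A gets which role, and the registration assignment applies that definition to the subscription in which the template is deployed. An administrator who holds the Owner role on the Tenant B or Tenant C subscription deploys it with, for example, `az deployment sub create --location <region> --template-file lighthouse-delegation.json`; the same template is reused for every subscription being onboarded, which is what makes the policies and processes consistent across tenants. Two properties of Lighthouse are worth knowing when reviewing such a delegation: the Owner role and custom roles containing data actions cannot be delegated, so the access a managing tenant can obtain this way is bounded, and the delegation is visible in the managed tenant as Microsoft.ManagedServices resources, so Tenant B or C administrators can audit exactly what was granted and remove the assignment at any time.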

Conclusions

If you need help with policy and management centralization in your Azure Cloud, contact us today.

Sources

  • https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/manage/centralize-operations