Microsoft has announced the general availability of cross-tenant synchronization for Azure Active Directory (recently renamed Microsoft Entra ID) customers. The new feature allows IT admins to automate the creation of user accounts across tenants in their organization.
Microsoft launched the public preview of cross-tenant synchronization for Azure AD back in January. Cross-tenant synchronization saves the time and effort previously required to manage consent prompts and the redemption process in Azure AD B2B collaboration.
“Cross-tenant synchronization automates creating, updating, and deleting B2B collaboration users. Users created with cross-tenant synchronization are able to access both Microsoft applications (such as Teams and SharePoint) and non-Microsoft applications (such as ServiceNow, Adobe, and many more), regardless of which tenant the apps are integrated with,” Microsoft explained.
Under the hood, the feature uses the Azure AD B2B functionality and provides integration with conditional access, cross-tenant access settings, and other security and governance capabilities. It lets IT admins limit access to content and resources to a specific group of users within the organization. This capability helps to reduce the likelihood of administrative errors and security threats.
As of this writing, the cross-tenant synchronization feature is only available for commercial cloud customers. Microsoft says that it’s designed to improve intra-organization cross-tenant application access. However, the feature doesn’t support cross-cloud synchronization (such as public cloud to Azure Government).
Keep in mind that customers will need to purchase an Azure AD Premium P1 subscription to access cross-tenant synchronization as a source tenant. Microsoft has detailed three easy steps to configure the feature in Azure AD on this support page.