Microsoft Releases Improvements for Entra ID Cross-Tenant Access Settings

Key takeaways:

  • Microsoft has announced a series of updates for Entra ID cross-tenant access settings.
  • IT administrators will now have greater control over cross-tenant collaboration with the ability to configure custom roles.
  • A new storage model enables IT admins to seamlessly configure policies for as many partners as needed.

Microsoft is improving the collaboration experience with updates to Entra ID cross-tenant access settings. These enhancements include support for custom roles in cross-tenant access settings, protected actions, the removal of partner limits, and more.

Microsoft announced the commercial release of Entra ID cross-tenant collaboration settings in preview last year. The feature is designed to make it easier for organizations to share access with trusted organizations. The new settings allow organizations to control how users collaborate with other Microsoft 365 tenants. There are also inbound and outbound settings to control access on an application, group, or tenant-wide basis.

This release adds a feature that lets organizations configure custom roles for IT admins managing cross-tenant access settings. IT pros can also use Conditional Access policies to protect management actions. For instance, a policy can require admins to perform multi-factor authentication (MFA) before making any changes to the default settings for B2B collaboration.

“Today, you need to use either a Global or Security admin to fully manage cross-tenant access settings. Now you can use custom roles to create roles that meet the requirements you have. We’ve seen customers create a full cross-tenant access administrator, a partner administrator, and even a cross-tenant access reader. This allows you to delegate only the rights needed to perform these management actions without granting too many permissions,” Microsoft explained.

Microsoft removes limits on the number of partners in cross-tenant access settings

Microsoft has also removed a previous limit on the number of partners added in cross-tenant access settings. The company has introduced a new storage model that lets IT admins configure policies for as many partners as required. Microsoft plans to gradually move all commercial customers to this new model in the coming months. IT admins will see an entry in the audit logs informing them about the updated cross-tenant access settings.

Last but not least, Microsoft has introduced a change to ensure that B2B invitations respect cross-tenant access settings. The new capability will check the cross-tenant access settings and allow/block list at the time of invitation. It should help IT admins to prevent unapproved users from sending invitations to their organizations.