Azure AD Cross Tenant RRS feed

  • Pertanyaan

  • Hello everyone,

    I have a question regarding 2 tenants Federatio.
    I would like to give access from one tenant to the other. In particular, Exchange Online...

    Example: User Tenant 1 must have full access (Exchange Online) to a user from Tenant 2

    Is the following procedure correct: Exchange Online cross-tenant authentication


    Selasa, 22 November 2022 16.10

Semua Balasan

  • Those are mine and the alter ego is from this account and not the government side. So the two user agent’s where setup by me.
    Selasa, 22 November 2022 18.10
  • Follow these steps to configure customized settings for specific organizations.
    Sign in to the Azure portal using a Global administrator or Security administrator account. ...
    Select External Identities, and then select Cross-tenant access settings.
    Select Organizational settings.
    Select Add organization.


    Rachel Gomez

    Senin, 12 Desember 2022 05.10
  • Yes, cross-tenant authentication for Exchange Online can be used to give users from one tenant access to Exchange Online resources in another tenant. This can be done by configuring a trust between the two tenants, which allows users from one tenant to be authenticated by the other tenant's Active Directory. Once the trust is established, you can then use Exchange Online remote sharing features to give users from one tenant access to the other tenant's Exchange resources, such as mailboxes and calendar items.


    Rabu, 25 Januari 2023 12.13
  • Yes, the Exchange Online cross-tenant authentication procedure is the correct way to grant a user from one tenant full access to a user from another tenant in Exchange Online.

    To achieve this, you need to set up cross-tenant permissions using the following steps:

    Connect to Exchange Online PowerShell for both tenants.

    Grant the user from Tenant 1 full access permissions to the mailbox of the user from Tenant 2 using the following command:

    Add-MailboxPermission -Identity -User -AccessRights FullAccess -InheritanceType All

    In Tenant 2, grant the user from Tenant 1 the necessary permissions to access the mailbox using the following command:

    Add-RecipientPermission -Identity -Trustee -AccessRights FullAccess -Confirm:$false

    After granting the permissions, the user from Tenant 1 can access the mailbox of the user from Tenant 2 using Outlook on the web or Outlook desktop by adding the mailbox to their account.

    It is important to note that cross-tenant permissions can only be granted by a global administrator or an Exchange administrator with appropriate permissions in both tenants. Additionally, cross-tenant permissions can take up to 24 hours to take effect, so it is recommended to plan accordingly.
    Kamis, 23 Februari 2023 13.38