25 July 2021

How to share a SharePoint Online website with another tenant using Azure B2B

The case

Two companies (for example, a parent and an affiliate) have their own Microsoft tenants. Both companies are big, let's say more than 10000 users each. Every day the companies hire and fire employees.

The first company (parent) has an internal website on SharePoint Online. Employees of the second company (child) have to get access to this website. No one else should have rights.


The standard Azure B2B approach, "invite each user", is not a suitable option. You (or someone else) can't manually send an individual invitation to each new user of the child company (it's possible, but I assume you do not want this).

Is there another way? Yes, but it's not perfect.

The solution

Microsoft Clouds (Office 365 and Azure) are constantly updated. The information from the post is current as of 25.07.2021.

In our case, the most convenient option is entitlement management, part of Azure AD Identity Governance. Pay attention: entitlement management requires an Azure AD Premium P2 license (included in the Microsoft 365 E5 pack).

Step 1 - Configure SharePoint website

This step is performed in the SharePoint Online Admin Center (https://<tenantname>-admin.sharepoint.com) of the parent company.

Limit external sharing to the domain of the child company.

Microsoft article - https://docs.microsoft.com/en-us/sharepoint/restricted-domains-sharing
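The same restriction can be applied and checked from the SharePoint Online Management Shell. This is an added example, not part of the original post: it scopes the allow list to one site, and the site URL and the child domain are hypothetical placeholders. It assumes external sharing is already enabled for the tenant and the site.

```powershell
# Added example: replace the placeholder values before use.
$AdminUrl    = 'https://<tenantname>-admin.sharepoint.com'           # parent tenant admin center
$SiteUrl     = 'https://<tenantname>.sharepoint.com/sites/intranet'  # hypothetical site URL
$ChildDomain = 'child.example'                                       # hypothetical child-company domain

Connect-SPOService -Url $AdminUrl

# Allow external sharing on this site only with accounts from the child domain.
# Set-SPOTenant accepts the same two parameters for a tenant-wide allow list.
Set-SPOSite -Identity $SiteUrl `
    -SharingDomainRestrictionMode AllowList `
    -SharingAllowedDomainList $ChildDomain

# Read the setting back so a typo or a silently ignored change is caught here.
$site    = Get-SPOSite -Identity $SiteUrl
$allowed = "$($site.SharingAllowedDomainList)" -split '\s+' | Where-Object { $_ }
if ($site.SharingDomainRestrictionMode -ne 'AllowList' -or $allowed -notcontains $ChildDomain) {
    Write-Warning "Domain allow list is not in effect on $SiteUrl"
}
if ($allowed.Count -gt 1) {
    Write-Warning "Other domains are also allowed: $($allowed -join ', ')"
}

# The allow list only affects new sharing. List external users that SharePoint
# already reports for the site and flag any whose address is outside the child domain.
# Get-SPOExternalUser returns at most 50 entries per call, so page through them.
$pageSize  = 50
$position  = 0
$offDomain = @()
do {
    $page = @(Get-SPOExternalUser -SiteUrl $SiteUrl -Position $position -PageSize $pageSize)
    $offDomain += $page | Where-Object { $_.Email -notlike "*@$ChildDomain" }
    $position  += $pageSize
} while ($page.Count -eq $pageSize)

if ($offDomain) {
    Write-Warning "External users outside $ChildDomain already have access:"
    $offDomain | Select-Object DisplayName, Email, InvitedBy, WhenCreated | Format-Table
} else {
    Write-Output "No external users outside $ChildDomain were reported for $SiteUrl"
}
```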


Step 2 - Connect the partner organization

This step is performed in Azure Active Directory of the parent company.

This is the main part of the story. You just need to follow the instructions from the Microsoft article https://docs.microsoft.com/en-us/microsoft-365/solutions/b2b-extranet?view=o365-worldwide.



As a result, you will get the "My Access portal link". This is a universal link for inviting anyone from the child company.


Step 3 - Get access

This step is performed by users of the child company.

If the access package (in the parent company) is not hidden, each user of the child company should see on the My Access portal (it takes some time) a request that they should accept.

Or you can use the "My Access portal link". Just send it to all users who should access the SharePoint site of the parent company.


After a few minutes (it takes some time), users can try to access the website. Then they accept the request, and that's it.


Conclusion

From my point of view, sharing resources between related organizations should be simple and silent, without any additional actions from users. But at the moment I haven't found other ways.

I have prepared a scheme of my test environment for clarity.

Hope it helps someone.

