| title | description | author | manager | ms.service | ms.subservice | ms.topic | ms.date | ms.author | ms.custom | ms.reviewer |
|---|---|---|---|---|---|---|---|---|---|---|
Characteristics of multitenant interaction |
Understanding the data independence of your Microsoft Entra organizations |
barclayn |
amycolannino |
entra-id |
users |
conceptual |
11/15/2023 |
barclayn |
it-pro |
sumitp |
In Microsoft Entra ID, part of Microsoft Entra, each Microsoft Entra organization is fully independent: a peer that is logically independent from the other Microsoft Entra organizations that you manage. This independence between organizations includes resource independence, administrative independence, and synchronization independence. There's no parent-child relationship between organizations.
- If you create or delete a Microsoft Entra resource in one organization, it has no effect on any resource in another organization, with the partial exception of external users.
- If you register one of your domain names with one organization, you can't use it for any other organization.
If a non-administrative user of organization 'Contoso' creates a test organization 'Test,' then:
- By default, the user who creates an organization is added as an external user to that new organization, and assigned the Global Administrator role.
- The administrators of organization 'Contoso' have no direct administrative privileges to organization 'Test,' unless an administrator of 'Test' specifically grants them these privileges.
- If you add or remove a Microsoft Entra role for a user in one organization, the change doesn't affect other roles. For example, roles that the user assigns in any other Microsoft Entra organization.
You can configure each Microsoft Entra organization independently to get data synchronized from different AD forests, using the Microsoft Entra Connect tool. See topologies for Microsoft Entra Connect for more information on supported topologies when there are multiple Microsoft Entra tenants.
- Sign in to the Microsoft Entra admin center as at least a Tenant Creator.
- Browse to Identity > Overview.
- Select Manage tenants.
- Choose Create.
- Select Workforce and provide the requested information. Microsoft Entra ID creates a new organization and appears in the list of organizations.
Note
Unlike other Azure resources, your Microsoft Entra organizations are not child resources of an Azure subscription. If your Azure subscription is canceled or expired, you can still access your Microsoft Entra organization's data using Azure PowerShell, the Microsoft Graph API, or the Microsoft 365 admin center. You can also associate another subscription with the organization.
[!INCLUDE Azure AD PowerShell deprecation note]
For Microsoft Entra ID licensing considerations and best practices, see What is Microsoft Entra ID licensing?.