Microsoft Bolstering Entra Cross-Tenant Access Settings

Update coming in Q3 will remove a limit on the number of partner collaborations.

Microsoft on Wednesday announced coming improvements to its Entra cross-tenant access settings capability for organizational collaborations.

Cross-tenant access settings specifically is an Entra External Identities (formerly "Azure Active Directory External Identities") feature that was commercially released last year. Organizations with trusted partners can simplify access by also trusting the partner's multifactor authentication protections for sign-ins, for instance. It also lets organizations enforce Entra Conditional Access policies on external users.

Note that Microsoft changed many, but not all, of its Azure Active Directory product names to "Entra" back in July, as described in this document.

The enhancements coming to the cross-tenant access settings capability, inspired by customer feedback, are expected to start arriving in "CY23 Q3," the announcement indicated.

For instance, Microsoft has eliminated a previous limit on the number of partners enabled via cross-tenant access settings. Microsoft now has a new model that sets up a policy for each partner. "With this new model, you can add as many partners as required," the announcement explained.

Microsoft also added the ability for organizations to set up custom roles for administrators of the cross-tenant access settings capability. "We've seen customers create a full cross-tenant access administrator, a partner administrator, and even a cross-tenant access reader," the announcement noted.

The permissions for IT departments to manage the cross-tenant access settings capability have now been "onboarded as protected actions." What that means is that management actions can be protected via Entra Conditional Access policies, Microsoft explained.

Another improvement will eliminate a confusing scenario where organizations with cross-tenant access settings blocking access to an organization could still send Entra B2B invitations to those organizations. Microsoft will now "respect your cross-tenant access settings" and these Entra B2B invites will fail.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube