Each tenant represents an organization, and it is a fully independent resource. Every tenant that you create is logically separated from the other tenants that you manage in a multi-tenant environment. Even if you are the common administrator for all these tenants, there will not be any parent-child relationship between these tenants or directories.
Tenants are independent of each other in three respects: resource independence, administrative independence, and synchronization independence.
Resource independence means that creating or deleting a resource in one tenant has no impact on any resource in another tenant.
However, there is a small exception, which we discussed in the case of cloud identities from external directories. By default, the Microsoft Azure Entra directory doesn’t delete Guest users when they are deleted from their home tenant; however, we can set this up manually.
Administrative independence is easiest to see with an example. Suppose a non-admin user of tenant A (say the user’s name is John) creates a new tenant, say tenant B:
- John will be the Global Administrator of tenant B, as he created the new tenant. He will be added to tenant B as a user from an external directory. The directory is described as external because John is not from tenant B but from tenant A.
- Administrators of tenant A have no control over tenant B. If users of tenant A need to access or manage tenant B, then John must invite these users to tenant B and give them the necessary role. One thing to note here is that if the admins of tenant A take over John’s account, they can access tenant B.
- Adding or removing an admin role in one tenant will not affect the role of the user in the other tenant. Here we’re not removing the user; we are adding or removing Azure directory roles, which has no impact on the other tenant, and all roles the user has in the other tenant will be retained.

When it comes to synchronization independence, you can set up synchronization independently on each Azure directory.
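
The note about John's account means tenant B should know which of its directory roles are held by accounts homed in another directory. The following is an added example, not code from the original page: it audits a constructed list of role members (field names follow the Microsoft Graph user properties `userPrincipalName` and `userType`) and assumes external accounts carry the `#EXT#` marker in their UPN, since the user who created the tenant is assumed to show `userType` Member rather than Guest.

```python
# Added example: constructed data, not output from a real tenant.
from collections import defaultdict

EXT_MARKER = "#EXT#"  # assumption: marks accounts homed in another directory

# Constructed role members of tenant B (hypothetical names and domains).
ROLE_MEMBERS = [
    {"role": "Global Administrator", "userType": "Member",
     "userPrincipalName": "john_tenanta.example#EXT#@tenantb.onmicrosoft.com"},
    {"role": "Global Administrator", "userType": "Member",
     "userPrincipalName": "admin@tenantb.onmicrosoft.com"},
    {"role": "User Administrator", "userType": "Guest",
     "userPrincipalName": "mary_smith_tenanta.example#EXT#@tenantb.onmicrosoft.com"},
    {"role": "Security Reader", "userType": "Guest",
     "userPrincipalName": "sam_partner.example#EXT#@tenantb.onmicrosoft.com"},
]

def home_domain(upn):
    """Return the home domain encoded in an external UPN, or None if local."""
    local, marker, _ = upn.partition(EXT_MARKER)
    if not marker:
        return None
    # The '@' of the home address is stored as the last '_' before the marker.
    _, underscore, domain = local.rpartition("_")
    return domain.lower() if underscore and domain else "unknown"

def external_role_holders(members):
    """Group role assignments held by externally homed accounts by home domain."""
    by_domain = defaultdict(list)
    for m in members:
        domain = home_domain(m["userPrincipalName"])
        # Do not filter on userType: the tenant creator is external but a Member.
        if domain is not None:
            by_domain[domain].append(
                (m["role"], m["userPrincipalName"], m["userType"]))
    return dict(by_domain)

if __name__ == "__main__":
    for domain, rows in sorted(external_role_holders(ROLE_MEMBERS).items()):
        print(f"Roles held by accounts controlled from {domain}:")
        for role, upn, user_type in rows:
            print(f"  {role:22} {upn} (userType={user_type})")
```

Each home domain in the output is a directory whose administrators could reach tenant B by taking over the listed accounts, so those entries are the ones to review first.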