Upcoming Enhancements Microsoft Entra Cross-Tenant Access Settings

Microsoft Entra’s cross-tenant access settings functionality, used for organizational collaboration, is getting enhancements in the third quarter this year, according to an announcement on Wednesday.

As part of these improvements, Microsoft has eliminated a previous limitation on the number of partners enabled through cross-tenant access settings. Microsoft now has a new model that sets up policies for each partner. “With this new model, you can add as many partners as you need,” the announcement explains.

Microsoft also added the ability for organizations to set custom roles for administrators of the cross-tenant access settings feature. “We have seen customers create a full cross-tenant access manager, a partner manager, and even a cross-tenant access reader,” notes the announcement.

The powers for IT departments to manage the cross-tenant access settings feature are now “onboarded as protected actions.” What this means is that management actions can be protected via Entra Conditional Access Policy, Microsoft explains.

Another enhancement will eliminate a confusing scenario in which organizations with cross-tenant access settings that block access to an organization can still send Entra B2B invitations to those organizations. Microsoft will now “respect your cross-tenant access settings” and these Entra B2B invitations will fail.

Cross-tenant access settings are specifically a feature of Entra External Identities (formerly “Azure Active Directory External Identities”) that was commercially released last year. This functionality allows organizations with trusted partners to simplify access by also trusting the partner’s multifactor authentication security policy for logins. It also lets organizations enforce Entra Conditional Access policies on remote users.

Note that in July Microsoft changed many, but not all, of its Azure Active Directory product names to “Entra,” as described in this document.

Microsoft Entra implementation

At ALTA-ICT, we look forward to presenting these improvements to our customers. The changes to Microsoft Entra’s cross-tenant access settings will make it easier to manage who has access to your network and how. This provides further security and ease of collaboration with partners.

The addition of custom roles facilitates the distribution of management tasks and allows you to give your administrators the appropriate resources. At the same time, protecting management actions through Entra Conditional Access Policy provides an additional layer of security.

At ALTA-ICT, we understand that managing access settings can be complex. That’s why we’re ready to help you implement and manage these new features. Contact us today to learn how we can help you make the most of these new enhancements.