I've got two O365 tenants: Tenant A, which is our primary and houses 99% of the business activity, and Tenant B for a recent acquisition. We have a crossover situation where User A needs access to both tenants, but they'd prefer to sign in once with their Tenant A account to avoid multiple MFA prompts, especially while using Outlook. Everything I've found suggests that the existence of separate mailboxes makes this a challenge, but I'm hopeful someone might have a workaround or solution. Any ideas? Thanks!
4 Answers
It sounds like your conditional access settings might affect this setup. I have two different tenant emails in my Outlook, and I don’t have to use MFA when I’m on-site at the office. It could be worth checking those settings to see if something can be adjusted.
If you make the Tenant A account a guest in Tenant B, you should be able to grant it delegation permissions for the mailbox there. But I'm not sure how splitting the emails while keeping them distinct will work out. It's a tricky situation for sure.
Yeah, I understand the concern. It's tricky because they need to keep emails separate while still accessing both. I'm hoping to find a good balance.
You might want to try adding the primary email from Tenant A as a guest in Tenant B and then give that guest account access to the mailbox in Tenant B. However, permissions for guest accounts can be tricky when it comes to email access. If that doesn't work, consider using different browsers for each tenant or setting up shortcuts to make it easier to switch. That way, at least you can streamline accessing both without too much hassle!
Have you set up a trust between the two tenants to allow them to accept each other's MFA and compliant devices? That could also simplify the login process for User A.
I haven't done that yet, but that’s definitely something I’ll explore.
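The tenant trust suggested in the answer above corresponds to the inbound trust settings of a cross-tenant access policy, configured in the tenant that hosts the resource (Tenant B) for the user's home tenant (Tenant A). The following is an added example, not something posted by anyone in this thread; it assumes the Microsoft Graph PowerShell SDK is installed, and both tenant IDs are placeholders.

```powershell
# Added example. Run as an admin of Tenant B (the resource tenant).
# Both values below are placeholders, not real tenant IDs.
$TenantB = '<tenant-b-id>'   # tenant whose resources User A needs to reach
$TenantA = '<tenant-a-id>'   # User A's home tenant, where MFA is performed

Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -TenantId $TenantB -Scopes 'Policy.ReadWrite.CrossTenantAccess'

# Accept Tenant A's MFA and compliant-device claims so that Tenant B's
# conditional access policies do not prompt the guest a second time.
$trust = @{
    inboundTrust = @{
        isMfaAccepted             = $true
        isCompliantDeviceAccepted = $true
    }
}

# A partner entry for Tenant A may or may not exist yet.
$partner = Get-MgPolicyCrossTenantAccessPolicyPartner `
    -CrossTenantAccessPolicyConfigurationPartnerTenantId $TenantA `
    -ErrorAction SilentlyContinue

if ($partner) {
    # Update only the trust settings; other partner settings are left as they are.
    Update-MgPolicyCrossTenantAccessPolicyPartner `
        -CrossTenantAccessPolicyConfigurationPartnerTenantId $TenantA `
        -BodyParameter $trust
} else {
    # Create the partner entry scoped to Tenant A only, not the tenant-wide default.
    New-MgPolicyCrossTenantAccessPolicyPartner `
        -BodyParameter (@{ tenantId = $TenantA } + $trust)
}

# Read the setting back to confirm what is actually in effect.
(Get-MgPolicyCrossTenantAccessPolicyPartner `
    -CrossTenantAccessPolicyConfigurationPartnerTenantId $TenantA).InboundTrust |
    Format-List IsMfaAccepted, IsCompliantDeviceAccepted
```

Scoping the trust to the single partner tenant keeps Tenant B from accepting MFA claims from every external organization, and the trust only takes effect for sign-ins that Tenant B's conditional access policies evaluate.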

Good point! I didn't think about the conditional access settings. I’ll definitely look into that to see if it can help.