What Are Virtual Tenants? Why Does this Matter for Microsoft 365?
The idea of Virtual Tenants arose in networking as network services became virtualized, and these services could be divided as Virtual Tenants.
In the world of cloud and SaaS, you had multi-tenants where organizations divided and essentially shared a cloud service. In contrast, having a single tenant was a big advantage in terms of security, performance and governance.
“Single-tenant (or hosted) Software as a Service (SaaS) is an architecture where each company has their own instance of the software application and supporting infrastructure. Think of it like a neighborhood community developed by the same architect and engineer where each household has the ability to change and customize their property as desired. By having a single hosted instance the purchaser can tweak and customize the software to meet their needs,” explained ERP powerhouse SAP.
Microsoft 365 and the Single Tenant Problem
In the world of Microsoft 365, most shops have a single tenant. If they acquire companies, they may have multiple tenants. Here they usually merge the multiple tenants into a single environment to ease management, and promote collaboration and information sharing.
Having a single tenant creates a uniform ‘known’ environment, but comes with a host of issues. First, managing a single tenant that could have hundreds of thousands of users is immensely complex. Creating help and service desks for such a mass of users is likewise difficult, and these desks can become overwhelmed and non-responsive. Managing 0365 licenses across a distributed massive environment is inefficient and expensive at best.
Security is the biggest issue. If you have a single tenant with 300,000 users, an M365 admin can access data and settings from all 300,000 users. Every single M365 admin has that ability. If a hacker cracks an M365 admin’s credentials, they have that same power. Scary.
Enter Tenant Virtualization
Instead of a single, monolithic and unwieldy M365, a better idea is to virtualize the tenant the same way we use VMware to turn a single PC server into separate, dedicated servers based on virtual machines. In the case of M365, you should be able to create separate tenants based on geography, business unit, whatever.
As mentioned, the native M365 Admin Center is designed around a centralized management model for a single tenant. With the admin center provided by Microsoft, there is no way to merge different tenants, perhaps due to acquisition, from a management perspective so that administrators can monitor, report, and manage user accounts across multiple tenants.
The Pinnacle of M365 Virtual Tenants
Luckily, CoreView included Virtual Tenant, or tenant virtualization, in our M365 management software. With CoreView, you can combine different tenants and segment your users into new groupings, or Virtual Tenants, for more efficient management. Once you have those segments configured, you can grant a subset of actions to administrators who will ONLY be able to monitor and manage that subset of users. This way, administrators can use single sign-on to monitor and manage their assigned user community, even though they might be deployed on different tenants.
The Benefits of Virtual Tenants
With CoreView, IT can segment a single tenant into Virtual Tenants that might reflect a department, or a country, or region, or even a single location. By breaking into smaller groups, you can restrict what users can see and act on, making it much easier to manage than having to tackle the entire organization in one bite.
“Using a simple, intuitive interface, CoreView lets IT segment the Microsoft 365 tenant in myriad ways — for example, by department, business unit, or location. This is what we call a ‘Virtual Tenant.’ After these groups are set up, IT can dive deeper, using CoreView’s deep RBAC capabilities to define specific permissions for administrators who then can only perform certain tasks — and only against a specific subset of users,” explained Michael Morrison, CEO of CoreView. “In essence, IT can take the entire organization served by Microsoft 365 and break it into logical groups, or sub-tenants, perhaps based on Active Directory attributes. Once the organization is logically divided, regional admins can be assigned to the sub or Virtual Tenants.”
PROTECT YOUR M365 TENANT WITH COREVIEW
CoreView offers deep Microsoft 365-specific security protection, governance and compliance. Learn how we help with a personalized CoreView demo.
See how CoreView can help you with this
Learn more about securing and optimizing your M365 and other SaaS applications.