This post is part of a series highlighting Practical 365 authors who will also be presenting on this topic at The Experts Conference 2022 in Atlanta, September 20-21. Practical 365 is a proud sponsor of TEC and its mission to provide practical and actionable Microsoft 365 insights and training for the IT manager and administrator. 

Microsoft Attempts to Solve the M&A Domain Sharing Challenge  

If you are asked to configure shared email domains cross-tenant to support a merger, acquisition, or divestiture, then you might be aware that Microsoft has historically only allowed a domain to be added to one tenant at a time, requiring you to consider a third-party email rewrite service to provide domain sharing. 

Fortunately, Microsoft has acknowledged the need for a native solution and has released Cross-Tenant Domain Sharing functionality to select customers for private preview (Microsoft roadmap item 67161). Once this feature is released to the public, which is currently planned for November 2022, you will have a native domain sharing option similar to the Shared SMTP Namespace functionality available with on-premises Exchange Servers. 

Native Cross-Tenant Domain Sharing for Exchange Online 

Microsoft provided some initial details to the public regarding this solution’s expected architecture and some of the configuration and management tasks you must perform when utilizing native cross-tenant domain sharing functionality.  As long as Microsoft does not make any major changes before releasing it to the public, you will be able to follow the steps in the example below to enable cross-tenant domain sharing for a single SMTP domain. 

The domain will be Authoritative in the tenant where you perform the primary domain management. Once you enable the domain for cross-tenant domain sharing, you will be able to add the domain as an Internal Relay in additional tenants. Internal Relays are a new addition to Exchange Online but are a familiar concept if you have worked with an on-premises Exchange Server.  

Cross-Tenant Domain Sharing Configuration 

You will start by enabling domain sharing for contoso.com in Tenant A so that you can assign contoso.com as a Primary SMTP address to the mailboxes in Tenant B. 

  1. Add contoso.com as an Accepted Domain in Tenant A before adding it to other tenants 
    • Domain appears as Type: Authoritative 
  1. Configure contoso.com in Tenant A to allow sharing with Tenant B 
    • Microsoft will provide full details for this task once the feature is public 
  1. Add contoso.com as an Accepted Domain in Tenant B 
    • Domain appears as Type: Internal Relay 
  1. Configure Inbound Connectors in each tenant to trust the opposing tenant 
    • Tenant A connector configuration:  
      • SenderDomains={smtp:contoso.com;1} 
      • TrustedOrganizations={smtp:fabrikam.onmicrosoft.com;1} 
    • Tenant B connector configuration:  
      • SenderDomains={smtp:contoso.com;1} 
      • TrustedOrganizations={smtp:contoso.onmicrosoft.com;1} 
  1. MX Record for contoso.com points to Tenant A 
    • Inbound messages for all contoso.com addresses will be delivered to Tenant A and then routed to Tenant B 

Primary SMTP Address Assignment 

With the cross-tenant domain sharing architecture in place, you can now start to assign contoso.com email addresses to mailboxes in Tenant B, which has fabrikam.com as an Authoritative Accepted Domain. 

  1. Create a mailbox in Tenant B, which will have a UPN for a domain that is owned by Tenant B 
  1. Set the Primary SMTP on the mailbox in Tenant B to a unique contoso.com address 
    • Example: bob@contoso.com 
    • Microsoft will provide full details for this task once the feature is public 

The user is now able to send emails from his mailbox in Tenant B as bob@contoso.com even though that domain is managed by Tenant A. 

Learn about the “5 Trends with M&A Cross-Tenant Coexistence” with this post’s author Becky Cross at The Experts Conference 2022, September 20-21 in Atlanta, GA.


Tenant to Tenant Migration Considerations  

The release of native cross-tenant domain sharing will provide a much-needed solution for configuring long-term coexistence across multiple tenants, allowing you to enable consistent branding for users sending and receiving emails from separate tenants. 

However, if you are also planning tenant-to-tenant migrations, enabling cross-tenant domain sharing will introduce some additional tasks and complexities to consider when it comes time to perform your mail migrations and SMTP domain migrations.  Companies that provide third-party migration tools are expected to start including this scenario in their product development to help address these new complexities, which are described in more detail below. 

Mail Migration Considerations 

The first important consideration is that you will need to change the timing of moving the Primary SMTP address from a mailbox in one tenant to another for users that need to maintain their existing email identity.   

Currently, you must complete this task as part of an SMTP domain migration event since the domain cannot be shared across tenants. However, once you implement cross-tenant domain sharing, you will need to perform this step as part of the mail migration event since the specific Primary SMTP address should not be assigned to more than one mailbox at a time. If your mail migration tool does not have an option to automatically update the source and target Primary SMTP addresses for mailboxes using shared domains, then you should include a task in your migration plan to perform these changes yourself. 

SMTP Domain Migration Considerations 

The second important consideration is the impact that cross-tenant domain sharing can have on migrating SMTP domains from one tenant to another. 

Microsoft will not let you remove a domain from a tenant until you remove the domain from all objects where it is used as a UPN or email attribute. If you enable cross-tenant domain sharing, then objects in other tenants are also using the domain being moved. It will become very important to understand exactly where the shared domain is being used across all tenants when performing your SMTP domain migration planning.

After you complete a domain migration for a shared domain, you will also need to reconfigure your tenant domain sharing relationships and possibly reconfigure the individual objects using the shared domain.  Once the native cross-tenant domain sharing functionality is fully released to the public, you can expect domain migration tools to report on all shared objects and to provide guidance for any tasks that cannot be automated and would need to be performed manually. 
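The two checks that this section and the mail migration section call for, as an added example that is not from the article or from Microsoft: an inventory of every object that references the shared domain, and a list of Primary SMTP addresses held by more than one mailbox. It runs on constructed sample rows shaped like merged per-tenant recipient exports; the `Tenant` and `UPN` column names and both function names are hypothetical.

```powershell
# Added example (not from the article). The rows are constructed sample data
# shaped like per-tenant recipient exports merged into one list; the Tenant
# tag and the UPN column name are hypothetical.
$SharedDomain = 'contoso.com'
$rows = @(
    [pscustomobject]@{ Tenant = 'A'; Name = 'Bob (source)'; UPN = 'bob@contoso.com'
        PrimarySmtpAddress = 'bob@contoso.com'; EmailAddresses = @('SMTP:bob@contoso.com') }
    [pscustomobject]@{ Tenant = 'B'; Name = 'Bob (target)'; UPN = 'bob@fabrikam.com'
        PrimarySmtpAddress = 'bob@contoso.com'
        EmailAddresses = @('SMTP:bob@contoso.com', 'smtp:bob@fabrikam.com') }
    [pscustomobject]@{ Tenant = 'B'; Name = 'Carol'; UPN = 'carol@fabrikam.com'
        PrimarySmtpAddress = 'carol@fabrikam.com'
        EmailAddresses = @('SMTP:carol@fabrikam.com', 'smtp:carol@contoso.com') }
    [pscustomobject]@{ Tenant = 'B'; Name = 'Dave'; UPN = 'dave@fabrikam.com'
        PrimarySmtpAddress = 'dave@fabrikam.com'; EmailAddresses = @('SMTP:dave@fabrikam.com') }
)

# Every object that references the shared domain, and in which attribute.
function Get-SharedDomainUsage {
    param([object[]]$Recipients, [string]$Domain)
    foreach ($r in $Recipients) {
        $uses = @()
        if ($r.UPN -like "*@$Domain") { $uses += 'UPN' }
        if ($r.PrimarySmtpAddress -like "*@$Domain") { $uses += 'PrimarySmtp' }
        # Lowercase "smtp:" marks a secondary proxy address; uppercase is the primary.
        $alias = $r.EmailAddresses |
            Where-Object { $_ -clike 'smtp:*' -and $_ -like "*@$Domain" }
        if ($alias) { $uses += 'Alias' }
        if ($uses.Count -gt 0) {
            [pscustomobject]@{ Tenant = $r.Tenant; Name = $r.Name; Uses = $uses -join ',' }
        }
    }
}

# Primary SMTP addresses on the shared domain held by more than one mailbox.
function Get-DuplicatePrimarySmtp {
    param([object[]]$Recipients, [string]$Domain)
    $Recipients | Where-Object { $_.PrimarySmtpAddress -like "*@$Domain" } |
        Group-Object PrimarySmtpAddress | Where-Object Count -gt 1 |
        ForEach-Object {
            $holders = $_.Group | ForEach-Object { "$($_.Tenant):$($_.Name)" }
            [pscustomobject]@{ Address = $_.Name; Holders = $holders -join '; ' }
        }
}

Get-SharedDomainUsage -Recipients $rows -Domain $SharedDomain | Format-Table
Get-DuplicatePrimarySmtp -Recipients $rows -Domain $SharedDomain | Format-Table
```

On the sample rows, the inventory lists both Bob objects and Carol (alias only), and the duplicate check reports bob@contoso.com as held in both tenants, the state a mailbox is in if the source Primary SMTP address is not changed during the move.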

Comparing to Third-Party Solutions 

As Microsoft continues to release features like cross-tenant domain sharing and Teams shared channels, you gain access to new options for solving your merger, acquisition, and divestiture needs. You might also identify opportunities to reduce reliance on third-party products. Native cross-tenant domain sharing is expected to be a viable alternative to third-party email rewrite services for meeting long-term coexistence needs with simple setup and management.  

For overall tenant-to-tenant migration planning, you should evaluate and test the standalone native features against third-party solutions to determine whether you can benefit from the task automation and integration that comes with a comprehensive tenant-to-tenant product. Often, your migration project’s answer is a balanced combination of both.  

Join Becky at TEC 2022 in Atlanta for More! 

Tenant-to-tenant migrations are not for the faint of heart. If you have a migration on the horizon or are in an acquisition-hungry environment, join the tenant migration experts at The Experts Conference 2022 to get a head start. Join Practical 365 author Becky Cross as she delivers the “5 Trends with M&A Cross-Tenant Coexistence.” Check out her session abstract: 

Cross-Tenant coexistence services have been static for a fairly long period, consisting primarily of limited GAL sync and free/busy services and maybe Domain sharing using address rewrite technologies. However, some emerging technologies will soon change much of what tenant administrators normally do to prepare their Microsoft 365 environments for collaboration during an M&A project. This session will help you prepare for them. 

Join Becky and the tenant migration experts at The Experts Conference 2022, September 20-21 in Atlanta, GA

About the Author

Becky Cross

Becky Cross is a Technical Product Management Senior Advisor at Quest Software. She is experienced with architecting migration and integration solutions and helps to guide product improvements that help companies achieve smooth integrations in today’s global workforce. Becky specializes in migrations, integrations, and long-term coexistence for Active Directory, Azure AD, and Office365 environments and workloads.

Comments

  1. Rich Watkins

    Great write-up Becky. Thank you.

  2. Amit kumar sinha

    This is awesome

  3. Peter

    [link to Blog 1] missing

    1. Becky Cross

      Peter, thank you for letting me know about the missing link. It is corrected and now routes to the article that discusses email rewrite services.
