๐ก๏ธ๐งโ๐ผ๐๐Group - Multi tenant OneDrive Allowed users
What this group does ๐งชโ
Being in this group means one thing:
โI'm trusted (or at least important enough) to sign into OneDrive using another tenant.โ
Thatโs right. While the default policy
โ๏ธ๐ช๐งโ๐ผCP - OneDrive - Block other tenant signin says โnope, stick to your own tenantโ,
this group โ combined with the
โ๏ธ๐ช๐งโ๐ผ๐CP - OneDrive - Allow other tenant signin policy โ says:
๐ง โOkay, fine. But only for you.โ
๐ ๏ธ Group Configurationโ
| Setting | Value |
|---|---|
| Group name | ๐ก๏ธ๐งโ๐ผ๐๐Group - Multi tenant OneDrive Allowed users |
| Group description | Users in this group are explicitly allowed to sync OneDrive accounts from other tenants. This overrides the block policy. Membership requires documented customer approval. |
| Group type | Security |
| Membership type | Assigned |
๐ก SuperVision Tipโ
This group is manually assigned โ but that doesnโt mean it has to be a mess.
SuperVision supports user management across tenants, so you can assign this group consistently via:
- dynamic views
- rule-based grouping
- and automation across environments
All while using a recognizable naming standard (๐ก๏ธ, ๐, ๐) for clear intent.
โ๏ธ Still, make sure the customer signs off. Not just verbally โ we mean actual documentation.
๐ฏ Purposeโ
Used as an exception mechanism for users in:
- Mergers & acquisitions (๐๐)
- Multi-tenant collaboration environments (๐)
- Situations where โjust block everythingโ doesn't quite work
This group is assigned to users who need access โ not just want access.
โ ๏ธ Governance mattersโ
If you add someone to this group:
- You should know why
- The customer should know why
- And you should have a signed piece of paper somewhere that proves it
If you canโt explain whoโs in this group during an audit... maybe donโt add them in the first place.
๐ Related Policiesโ
- โ๏ธ๐ช๐งโ๐ผCP - OneDrive - Block other tenant signin
- โ๏ธ๐ช๐งโ๐ผ๐CP - OneDrive - Allow other tenant signin
๐ท๏ธ With great tenant access comes great compliance risk.