You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: unified-secops-platform/mto-cross-cloud.md
+59-2Lines changed: 59 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ ms.collection:
11
11
- m365-security
12
12
- highpri
13
13
- tier1
14
-
ms.topic: conceptual
14
+
ms.topic: how-to
15
15
ms.date: 03/01/2025
16
16
appliesto:
17
17
- Microsoft Defender XDR
@@ -32,7 +32,64 @@ Cross-cloud visibility is available to government customers who have the applica
32
32
33
33
In addition, ensure that the trust multi-factor authentication (MFA) from Microsoft Entra tenants is properly configured to successfully access tenants in Microsoft Commercial cloud environments. To configure MFA, see [Change inbound trust settings for MFA and device claims](/entra/external-id/cross-tenant-access-settings-b2b-collaboration#to-change-inbound-trust-settings-for-mfa-and-device-claims).
34
34
35
-
Microsoft Entra tenants must also select the **Microsoft Azure Commercial** checkbox in the **cross-tenant settings for external identities** to ensure B2B collaboration. Learn more about B2B settings in [Manage external access with inbound and outbound settings](/entra/external-id/cross-tenant-access-overview#manage-external-access-with-inbound-and-outbound-settings).
35
+
### B2B collaboration settings
36
+
37
+
Follow these steps to configure B2B collaboration settings.
38
+
39
+
#### Home tenant settings
40
+
41
+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
42
+
2. Navigate to **Identity > External identities > Cross-tenant access settings**, then select **Cross-tenant access settings**.
43
+
3. Select **Add organization**. Enter the tenant ID of the organization you want to add, then select **Add**.
44
+
45
+
Check that default settings and ensure that the following are enabled:
46
+
47
+
1. For the organization you added, select **Inbound access**.
48
+
2. Set B2B collaboration to **Block** for Access and Users.
49
+
3. On the Application tab, set access to **Block** and **Applies to all applications**, then select **Save**.
50
+
4. Select **B2B direct connect**, set access status to **Block** and **Applies to all users**.
51
+
5. On the Application tab, set access to **Block** and **Applies to all applications**, then select **Save**.
52
+
53
+
No other MFA Trust settings are required for the home tenant.
54
+
55
+
You then need to configure outbound access settings for the home tenant by following these steps:
56
+
57
+
1. In the **Cross-tenant access settings** pane, select **Outbound access**.
58
+
2. Configure B2B collaboration by setting access status to **Allow**.
59
+
3. In the **Applies to**, select any depending on your requirements.
60
+
4. Select **External applications** and set access status to **Allow**.
61
+
5. Set the **Applies to** to **All external applications**. Select **Save**.
62
+
6. Select **B2B direct connect** and set access status to **Block**.
63
+
7. In the **Applies to**, select **All users**.
64
+
8. Select **External applications** and set access status to **Block**.
65
+
9. Set the **Applies to** to **All external applications**. Select **Save**.
66
+
67
+
#### Target tenant settings
68
+
69
+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com).
70
+
2. Navigate to **Identity > External identities > Cross-tenant access settings**, then select **Cross-tenant access settings**.
71
+
3. Select **Add organization**. Enter the tenant ID of the organization you want to add, then select **Add**.
72
+
73
+
Check that default settings and ensure that the following are enabled:
74
+
75
+
1. For the organization you added, select **Inbound access**.
76
+
2. Set B2B collaboration to **Allow** for Access and Users.
77
+
3. On the Application tab, set access to **Allow** and **Applies to all applications**, then select **Save**.
78
+
4. Select **B2B direct connect**, set access status to **Block** and **Applies to all users**.
79
+
5. On the Application tab, set access to **Block** and **Applies to all applications**, then select **Save**.
80
+
6. Select **Trust settings**, then select **Trust multi-factor authentication from Microsoft Entra tenants**.
81
+
82
+
You then need to configure outbound access settings from the home tenant by following these steps:
83
+
84
+
1. In the **Cross-tenant access settings** pane, select **Outbound access**.
85
+
2. Configure B2B collaboration by setting access status to **Block**.
86
+
3. In the **Applies to**, select **All users**.
87
+
4. Select **External applications** and set access status to **Block**.
88
+
5. Set the **Applies to** to **All external applications**. Select **Save**.
89
+
6. Select **B2B direct connect** and set access status to **Block**.
90
+
7. In the **Applies to**, select **All users**.
91
+
8. Select **External applications** and set access status to **Block**.
92
+
9. Set the **Applies to** to **All external applications**. Select **Save**.
0 commit comments