A single-tenant architecture is recommended for smaller institutions. However, for organizations that have over 1 million users we recommend a multi-tenant architecture to mitigate performance issues and tenant limitations such as Azure subscription and quotas and Azure AD service limits and restrictions.

When designing your multi-tenant architecture, consider the following design principles to reduce costs and increase efficiency and security:

- Enable users to unlock their account or reset passwords using self-service (for example, Azure AD self-service password reset).
- Reduce reliance on on-premises infrastructure and multiple identity providers.
- Standardize architecture, configurations, and processes across tenants to minimize administrative issues.
- Delegate administration of specific tasks to specific users with Just Enough Access (JEA) to do the job.
- Enable external users access only through Entitlement Management or Azure AD B2B collaboration.
- Follow the principle of least privilege: grant only those privileges necessary to perform needed tasks and implement Just in Time (JIT) access.
- Focus on ensuring student data is secure.
- Minimize the need for users to move from one tenant to another.

We strongly recommend organizations with fewer than 1 million users create a single tenant unless other criteria indicate a need for multiple tenants. For organizations with 1 million or more user objects, we recommend multiple tenants using a regional approach.

Creating separate tenants has the following effects on your EDU environment:

- May limit the impacts of an administrative security or operational error affecting critical resources.
- May limit the impact of compromised administrator or user accounts.
- Usage reports and audit logs are contained within a tenant.
- Student user objects are discoverable only within the tenant the object resides in.