Multiple Office Locations – Using Azure AD tenants effectively
Say you have two or more locations – one on the east coast and one on the west coast – that need to share a common Azure Subscription and a common Azure AD tenant. And your Azure AD tenant consists of users and device objects
Domain name – Best Practice – Associate the single subscription with a single named tenant – mycorp.com.
Premium Licenses – Assign a single AAD premium P2 license for each user.
Privileged Access Management – AAD PIM should be activated across the tenant
Azure Security The free version of Azure Security has been deployed
Define Security Groups in the AAD Tenant – per location
– SecGrpEastCoast – Dynamic user memebership for all east coast Users. Enable Access to AAD apps and azure resources
– SecGrpWestCoast – Dynamic User Membership for west coast users. Enable access to AAD apps and azure resources
This will enable you to manage the two locations individually (using security groups), while also providing a common set of security guardrails (Azure security) and common Privileged Identity Management.
Leave a Reply