Office 365 - Pros and Cons of a Consolidated Tenant with Global User Dispersion
A single Office 365 tenant may not be sufficient for some organizations. In certain cases, a company may need to provision mailboxes or manage end users in more than one tenant.
Below is a detailed breakdown and summary of a single global Office 365 tenant versus multiple tenants. This assumes that there are two or more agreements in place.
As it exists today, a single Enterprise Agreement cannot have licenses allocated to multiple tenants without an exemption and Microsoft intervention to allow it. However, agreements made underneath that entity, such as a second Enterprise Agreement for a sub-company in another country or division of the organization can have its own tenant.
Single Global Tenant
- Single name space support.
Example: company.com is shared across the organization and everyone needs it as the primary email address. In this scenario, there is no way to provide a unified email address alias without all users existing in the same tenant.
- Single point of control and management - The proper implementation of Role Based Access Control allows for flexible controls to be put in place to manage licensing, users, and services such as Exchange.
- Branding controls for portal pages and SharePoint sites is unified.
- Tenant location is nearest to the primary company listed as the contact location for Office 365. In some cases this is beneficial where the largest set of users exist in a specific office. Retail would commonly see this as a benefit, for example, where the corporate office contains most of the information workers.
- Perfect solution when a single directory for the entire company is leveraged for user, group, and device management.
- No flexibility in the location of the services today. All services such as Exchange, Skype for Business, and SharePoint are provisioned in the nearest datacenter to where the company's contact listing.
- Role Management is very cumbersome - even with groups.
- One directory and its trusted relationships can be synchronized, a third party tool must be used if the company has multiple directories and no trusts in place.
- Can be very complex when you are leveraging multiple AD forests and Trusts - Overlapping contacts and sync errors are common.
- Services can be very slow when global access is enabled. An example is Skype, which has a low tolerance for latency and is impacted significantly for users outside of the country where the tenant is provisioned.
- Global instances of Yammer and SharePoint can cause companies to rethink putting all collaboration sites in the cloud.
- Primary benefit is autonomy and control of your own portal and services underneath it.
- Performance on a per company / agreement basis is markedly better due to the location being closer to the sub-company.
- Provides less complexity about managing admin roles on a large scale and can be less cumbersome.
- In scenarios where the company is global and large sets of users are distributed, this provides the best performance on a per agreement basis.
- Managing licenses is much easier and based intimately on the way each company operates.
- No single namespace and consolidated company domain support exists today.
- Global policy adherence is very difficult to achieve since the policy setting company doesn't have a view into the settings.
- Multiple locations to manage licensing can have limitations if only a single Microsoft licensing agreement exists.
- Security of company information is in the hands of each company managing its own portal.
- Compliance configurations are hard to regulate and enforce on an individual and consistent level.
If you have any addtional questions or would like to discuss, please contact us.