Is my managed IT provider sharing my Microsoft 365 tenant with multiple customers?

We see this pop up as of late. A new customer reaches out to us to set up SharePoint or Microsoft Teams. After some discovery, we find a managed service provider is hosting the current email. Great, no problem. The next step is to create a new Microsoft 365 tenant and migrate their emails from hosted exchange to the new tenant. You get the best experience for Teams when your email is in the same tenant.

What we found

Upon more discovery, we find out that, in fact, the customer’s email is already in a Microsoft 365 tenant. Ok, maybe the managed service provider set them up with a Microsoft 365 tenant. No, this is is not the case. We find out that the customer’s email is being hosted by Microsoft 365 in the managed service’s tenant and many other customers.

What’s the problem, is this allowed?

Yes, this is allowed. However, we do not recommend doing this ever. Why? see the key reason below

• One of the main reasons is your managed services provider could be a 1 person shop, which is ok, but they will typically give someone else on the client-side admin access if something happens to them. But in this case, they cannot do this, as they have other company’s information in their tenant; this would be too much of a security risk.
• When you share a document within your company, it will indicate it’s from the managed services tenant’s company and essentially anyone in any company in that tenant you will be able to share to, leading to sharing something with someone you did not mean to.
• If there are multiple company’s in the same tenant, this will get messy very quickly. How do you control which company belongs to which site
• In the case of non-profits, you will not get the non-profit discount
• If you ever need a 3rd party to access your SharePoint site, Microsoft Teams, Azure Active Directory or any application in Microsoft’s ecosystem related to that managed services tenant on the admin side, you have no way of doing this as they will see everyone’s sites and data from every company. Again too much a privacy and security risk
• When it comes to SharePoint, your URL will always be in SharePoint under the managed services provider’s name, i.e. https://managedprovider.sharepoint.com; this becomes problematic when you want to create a new site for a team like finance, typically we would call this /sites/financeteam, but this will not be available as you have many other companies and one of them I am sure is already using /sites/financeteam
• e-discovery will be a nightmare; how do you separate which data belongs to who in an investigation?
• When we set up a client, we want to make it as easy as possible to change managed services providers.
• If you go down this road, you will never detach easily; you will always be tied to another company.
• There is no advantage to being in someone else’s tenant from the customer’s end, only disadvantages.
• Teams can grow quickly; many teams will be hard to manage and add multiple companies’ complexity in the same tenant.
• Your Boundaries are no longer your boundaries.
• Security
• Compliance, forget about using the Compliance Center in Microsoft 365
• Deleting wrong users
• Wrong access given
• This is an endless list…

How can I tell if my email, teams or SharePoint is being hosted in my managed service’s tenant?

3 quick ways:

Use this URL https://myaccount.microsoft.com/organizations and use your current username and password to log in; it will tell you the main domain being used.

1. In a browser, go to https://office.com.
2. Login
3. Click on the waffle in the left-hand corner.
4. Click SharePoint
5. The beginning of the URL before sharepoint.com will be the name of the tenant.

1. In a browser, go to https://office.com.
2. Login
3. Click your picture or initials in the top right-hand corner.
4. Click View Account
5. Click Organization

What should I do

Migrate your data from this tenant now. Do this before your sites, and teams get too complicated or issues arise.

Final thoughts

While this seems to mostly happens with smaller companies with no IT, it is happening. Please check to see if you are sharing a Microsoft 365 tenant. We feel quite strongly about this. If you need any guidance on what to do, please reach out to us. We would be happy to assist.