How to Perform Cross-Tenant Synchronization in Microsoft Entra ID (Azure Active Directory)?


When migrating data from one Office 365 (Microsoft 365) tenant to another, you can synchronize Microsoft Entra ID if you want to maintain the same user access. During this process, you have to migrate both the users and the data, but there are other goals to consider, such as:

  • Migrating all the data, such as user mailboxes, archives, shared mailboxes, and public folders.
  • Maintaining user access during the process and minimizing downtime.
  • Preserving security and audit trails.

In this article, we will be discussing how to perform cross-tenant synchronization in Microsoft Entra ID.

Process to Perform Cross-Tenant Synchronization in Microsoft Entra ID

Follow the stepwise process below to perform synchronization in Microsoft Entra ID when migrating from one Office 365 tenant to another.

Note: To perform the process, you must have Global Admin rights on the source and the target tenants.

1. Preparation Work

During the preparation work, you need to build an inventory of the users who will be migrated. After this is complete, you need to make an inventory of what will be migrated and what will be archived or transferred as a shared mailbox.

2. Enable the Cross-Tenant Settings

The next step is to enable the cross-tenant settings. For this,

  • Go to the Microsoft Entra Admin Center and log in as a Global Admin.
  • Click on Identity.
  • Click on External Identities.
  • Click on Cross-tenant access settings.
  • Once you’re on the page, click on Inbound and Outbound settings to allow B2B collaboration and B2B direct connect.
  • Next, define trust settings for Multi-Factor Authentication (MFA), device compliance, and any other security features.
  • Once this is complete, add the partner tenant and configure granular access policies that allow the users access to the resources.

Note: Security features should match between the source and the destination, through either Conditional Access rules or tenant security settings.

3. Configure Cross-Tenant Synchronization

In this step, you need to configure the cross-tenant synchronization. To do so,

  • Go to the destination tenant and open Identity > External Identities.
  • Click on Cross-tenant synchronization.
  • Once you are logged in and the page is open, click on the plus button to add a synchronization configuration.
  • Next, enter the following information to set up the source.
    • Source Tenant ID.
    • Display Name of the source tenant.
    • Synchronization frequency from source to destination.
  • Now, you need to define the User Scope with the following options.
    • User selection: either synchronize all users or filter by group.
    • Alternatively, use an attribute filter.

As a best practice, use groups to synchronize only the users who need to be synchronized. This simplifies the audit process and reduces the margin of error.

4. Assign Permissions in Source Tenant

In the source tenant, you need to set up the permissions that grant the target tenant synchronization access. This can be done through Microsoft Graph, the API used to manage Microsoft 365 and Azure infrastructure. The permissions below must be set:

  • User.Read.All
  • Group.Read.All
  • Directory.Read.All
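
The settings from steps 2 to 4 can be reviewed from an exported partner configuration. The following is an added example, not part of the original article or any Microsoft tooling: it audits one partner entry for undefined trust settings, all-users or all-applications access, disabled inbound sync, and permissions outside the three listed above. The JSON is constructed in the shape Microsoft Graph uses for a cross-tenant access partner; `audit_partner`, the inlined `identitySynchronization` block, the tenant ID and the granted-permission list are assumptions.

```python
import json
# Constructed sample shaped like a Microsoft Graph cross-tenant access partner
# object, with its identitySynchronization policy inlined; tenant ID is a placeholder.
PARTNER_JSON = """
{
  "tenantId": "00000000-0000-0000-0000-000000000001",
  "inboundTrust": {"isMfaAccepted": true, "isCompliantDeviceAccepted": null},
  "b2bCollaborationInbound": {
    "usersAndGroups": {"accessType": "allowed",
                       "targets": [{"target": "AllUsers", "targetType": "user"}]},
    "applications": {"accessType": "allowed",
                     "targets": [{"target": "AllApplications", "targetType": "application"}]}
  },
  "identitySynchronization": {"userSyncInbound": {"isSyncAllowed": true}}
}
"""
# Permissions listed in step 4; anything else granted to the sync identity is flagged.
EXPECTED_PERMISSIONS = {"User.Read.All", "Group.Read.All", "Directory.Read.All"}
BROAD_TARGETS = {"AllUsers", "AllApplications"}

def audit_partner(partner, granted_permissions):
    """Return a sorted list of findings for one partner configuration."""
    findings = []
    trust = partner.get("inboundTrust") or {}
    for key in ("isMfaAccepted", "isCompliantDeviceAccepted"):
        if trust.get(key) is None:
            findings.append(f"inboundTrust.{key} is not defined")
    for name in ("b2bCollaborationInbound", "b2bCollaborationOutbound",
                 "b2bDirectConnectInbound", "b2bDirectConnectOutbound"):
        setting = partner.get(name) or {}
        for scope in ("usersAndGroups", "applications"):
            block = setting.get(scope) or {}
            broad = [t["target"] for t in block.get("targets", [])
                     if t.get("target") in BROAD_TARGETS]
            if block.get("accessType") == "allowed" and broad:
                findings.append(f"{name}.{scope} allows {broad[0]}")
    sync = (partner.get("identitySynchronization") or {}).get("userSyncInbound") or {}
    if not sync.get("isSyncAllowed"):
        findings.append("userSyncInbound.isSyncAllowed is not enabled")
    for perm in sorted(set(granted_permissions) - EXPECTED_PERMISSIONS):
        findings.append(f"unexpected permission granted: {perm}")
    for perm in sorted(EXPECTED_PERMISSIONS - set(granted_permissions)):
        findings.append(f"required permission missing: {perm}")
    return sorted(findings)

if __name__ == "__main__":
    granted = ["User.Read.All", "Group.Read.All", "User.ReadWrite.All"]  # constructed
    print("\n".join(audit_partner(json.loads(PARTNER_JSON), granted)))
```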

5. Validate the Synchronization

To validate the synchronization, you can run a manual sync on test users. This will allow the admin to check the synchronization as well as check the display name, UPN suffix, and group membership of the synchronized user.
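
The check described in this step can be scripted once the test users have been exported from the target tenant. This is an added example, not code from the original article: it compares each test user's display name, UPN suffix and group membership against what was expected. All records, domains and the `validate_sync` helper are constructed for illustration, and matching users on the `mail` attribute is an assumption.

```python
# Constructed expectations for the test users, built from the source tenant inventory.
EXPECTED = [
    {"mail": "ana@source.example", "displayName": "Ana Ruiz", "groups": {"Finance"}},
    {"mail": "bo@source.example", "displayName": "Bo Chen", "groups": {"Sales"}},
    {"mail": "cy@source.example", "displayName": "Cy Diaz", "groups": set()},
]
# Constructed records as read from the target tenant after the manual sync.
TARGET = [
    {"mail": "ana@source.example", "displayName": "Ana Ruiz",
     "userPrincipalName": "ana_source.example#EXT#@target.example",
     "groups": {"Finance"}},
    {"mail": "BO@source.example", "displayName": "Bo Chen (test)",
     "userPrincipalName": "bo_source.example#EXT#@old.example",
     "groups": {"Sales", "Admins"}},
]

def upn_suffix(upn):
    """Domain part of a UPN: everything after the last '@', lower-cased."""
    return upn.rsplit("@", 1)[-1].lower() if "@" in upn else ""

def validate_sync(expected, target, expected_suffix):
    """Map each test user's mail to a list of issues (empty list = passed)."""
    by_mail = {u["mail"].lower(): u for u in target}
    report = {}
    for want in expected:
        got = by_mail.get(want["mail"].lower())
        if got is None:
            report[want["mail"]] = ["not found in target tenant"]
            continue
        issues = []
        if got["displayName"] != want["displayName"]:
            issues.append(f"displayName is {got['displayName']!r}")
        if upn_suffix(got["userPrincipalName"]) != expected_suffix.lower():
            issues.append(f"UPN suffix is {upn_suffix(got['userPrincipalName'])!r}")
        missing = sorted(want["groups"] - got["groups"])
        extra = sorted(got["groups"] - want["groups"])
        if missing:
            issues.append(f"missing groups: {missing}")
        if extra:
            issues.append(f"unexpected groups: {extra}")
        report[want["mail"]] = issues
    return report

if __name__ == "__main__":
    for mail, issues in validate_sync(EXPECTED, TARGET, "target.example").items():
        print(mail, "OK" if not issues else "; ".join(issues))
```

Unexpected group memberships are reported separately from missing ones because they indicate access the user was not meant to receive in the target tenant.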

6. Data Migration

Now that the users have been synchronized, the next step is to move the data. There isn’t a straightforward migration method. One method would be to use Microsoft Outlook or the eDiscovery service to export the mailboxes to PST. After this, import the PST files into the new tenant by uploading the files to a blob storage or by using Microsoft Outlook.

There are a number of challenges you could face and a number of points of failure. There could be loss of data, missing data, and delays in the migration project, which would lead to business loss.

With this in mind, a migration project should be a smooth and seamless task that ensures data integrity. One should explore third-party tools that specialize in this kind of migration job. With an Exchange migration tool such as Stellar Migrator for Exchange, you can achieve a seamless and smoother migration with complete data integrity. With this tool, you can achieve the following:

  • Migrate data from one local Exchange Server to another Exchange Server.
  • Migrate data from local Exchange Server to Office 365.
  • Migrate data from Office 365 to local Exchange Server.
  • Migrate data from one Office 365 to another Office 365 tenant.

The tool allows the users to migrate user mailboxes, user archives, and public folders with ease and without any scripting. It offers real-time and post-migration reporting. This reduces the complexity of the data migration process and ensures that all the required data will be transferred completely to the destination.

Conclusion

In this article, we have seen how to migrate the data and synchronize the users from one Office 365 tenant to another. Be it a merger or split of a company, it’s imperative to ensure that the migration process is as smooth as possible. You can use an Exchange migration tool, like Stellar Migrator for Exchange, to migrate data from one Office 365 tenant to another with complete integrity and finish the project without delays and with no complexity.



About The Author
Shelly Bhardwaj

Shelly is a technology expert with core knowledge of Exchange Server and Outlook.
