- 22 Aug 2024
- 1 Minute to read
- PDF
Set up your Microsoft Entra ID cross-tenant access settings
- Updated on 22 Aug 2024
- 1 Minute to read
- PDF
To ensure your security is up-to-date, we recommend that all users set a deny-all policy in your Entra ID cross-tenant access settings. This process will block all access to your tenant, except for trusted third parties like Red Canary, who require access to monitor your security. Follow these steps to set up this policy and add an exception for Red Canary.
What is a cross-tenant access setting?
Microsoft Entra organizations can use External ID cross-tenant access settings to manage how they collaborate with other Microsoft Entra organizations and other Microsoft Azure clouds through business-to-business (B2B) collaboration and B2B direct connect. Cross-tenant access settings give you granular control over collaboration with external Microsoft Entra organizations. They govern inbound, which is how others collaborate with you, and outbound access, which is how your users collaborate with external Microsoft Entra organizations.
For more information, see Overview: Cross-tenant access with Microsoft Entra External ID.
Configure a policy allowing Red Canary’s security operations team to access your tenant
Log into your Microsoft Entra dashboard.
From the search bar, type and then click External Identities.
From the navigation pane, click Cross-tenant access settings
Click Add Organization.
From the search bar, type redcanary.com. The tenant ID should be 7262c62d-8d32-4595-8d19-893ab6cb8d5c.
Click Add.
From the inbound access column, click Inherited from Default to view the Red Canary Root - redcanary.com name.
From the B2B collaboration section select Customize settings.
From the Access status section, select Allow Access.
From the Applies to section, select Select Red Canary Root - redcanary.com user and groups.
Click Add external users and groups.
Enter ddb64faa-bd9c-4c9e-aba4-e3ce02dbd01c.
From the dropdown select group.
Click the Applications tab.
From the Access Status section, select Allow access.
From the Applies To section, select All applications.
Click Save.