This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 96%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
My company is growing and has created several LLCs for various product lines. The business intent is to spin off these companies into subsidiaries. It remains to be seen if they will be a "wholly owned" or "affiliate" type subsidiary.
I have to determine the best way to separate these potential subsidiaries within M365/InTune/Exchange/Azure/Defender/etc in a way that does not significantly increase our workload but also setup these subsidiaries so they can be severed from the parent company if/when that ever happens.
I have read all the documentation about multi-tenant orgs in EntraID. That seems fairly straight forward and will not result in a lot of duplicative work.
I am concerned about InTune, Exchange/Defender/Azure. Over the past 3 years we've rolled out just about every MDM and security tool available for corporate endpoints and Application Protection Policies for personal devices; we've published data labels, DLP policies, and sensitivity labels through Purview; we've added VDRs for SharePoint; we've employed Azure services for automation, access, and storage solutions; the list goes on and on.
Will there be a way for us to propagate those policies and configurations down to the subsidiary tenants, or will we have to recreate everything from scratch for inside each tenant?
P.S. Before posting this question, I reviewed the "similar questions" that display while drafting a new question. Those questions address the "how to" for multi-tenant management and do not answer my question.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Shawn Goodwin Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 43%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBJ%3C/text%3E%3C/svg%3E)
Hi, @ @Shawn Goodwin
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
No, you will have to recreate them in each tenant. Or use some "configuration as code" third-party tool that can copy these across tenants. MTO simply does not cover any of these.
Would M365 Lighthouse work in this scenario?
Would M365 Lighthouse help in these scenarios?
Lighthouse is only available for partners, and doesn't cover anything on compliance/purview.