Microsoft Entra ID · Identity Governance
Tenant Governance Administrator
Manages all capabilities in the Microsoft Entra Tenant Governance service for multi-tenant organization management.
Scope: Full administration of Microsoft Entra Tenant Governance service for multi-tenant scenarios
Permissions
- Manage all tenant governance capabilities
- Configure governance policies across tenants
- Manage tenant governance settings and configurations
- Create and manage governance relationships
- View and manage all tenant governance data
Common use cases
- Multi-tenant organization governance setup
- Cross-tenant policy management and enforcement
- Subsidiary and partner tenant governance
- Centralized compliance governance across tenant boundaries
- Multi-tenant identity lifecycle coordination
Best practices
- Document governance policies for all managed tenants
- Establish clear ownership boundaries between tenants
- Coordinate governance changes across tenant administrators
- Regularly audit cross-tenant governance configurations
- Use least privilege — assign Reader roles where full admin is not needed
Security considerations
- Cross-tenant governance affects multiple organizations — high impact if misconfigured
- Governance relationships can enable cross-tenant data and access flows
- Monitor for unauthorized governance relationship changes
- Ensure all tenant administrators are aware of governance policies