AD type |
Microsoft 365 tenant topology |
RM Unify - supported |
Single school |
Tenant per school. |
Yes with AD Sync v3 and later. See the 'Distributed AD - Private M365' section below. |
Shared tenant with other schools (with shared or individual domains within that tenant) |
Yes with AD Sync v3 and later. See the 'Distributed AD - Shared M365' section below. |
Multi-site |
Tenant per school. |
Yes with AD Sync v3 and later. See the 'Multi-site AD - Private M365' section below. |
Shared tenant with other schools (with shared or individual domains within that tenant) |
Yes with AD Sync v3 and later. See the 'Multi-site AD - Shared M365' section below. |
RM Unify does not support the provisioning of users from the same RM Unify establishment into separate Microsoft 365 domains. For example, you cannot provision Unify School A students into students.school.com and Unify School A staff into staff.school.com.
In Microsoft 365, by default, child domains inherit their authentication type and SSO federation settings from their parent domain. This means that if the parent domain is managed, i.e. users are authenticated by, and sign in directly to, Microsoft 365, then the child domain will inherit that too. Microsoft can break inheritance for a sub-domain, making it independent of the parent domain, via a Service Request. Once inheritance is broken, it would allow, for example, lower.school.com to be federated to RM Unify whilst school.com remained managed. |