RM Cloud Service Delivery can assist you with your RM Unify AD Sync installation. For further information, please speak to your Sales representative on 01235 645 316 or email getintouch@rm.com, quoting this article.

AD type	Microsoft 365 tenant topology	RM Unify - supported
Single school	Tenant per school.	Yes with AD Sync v3 and later. See the 'Distributed AD - Private M365' section below.
	Shared tenant with other schools (with shared or individual domains within that tenant)	Yes with AD Sync v3 and later. See the 'Distributed AD - Shared M365' section below.
Multi-site	Tenant per school.	Yes with AD Sync v3 and later. See the 'Multi-site AD - Private M365' section below.
	Shared tenant with other schools (with shared or individual domains within that tenant)	Yes with AD Sync v3 and later. See the 'Multi-site AD - Shared M365' section below.

RM Unify does not support the provisioning of users from the same RM Unify establishment into separate Microsoft 365 domains. For example, you cannot provision Unify School A students into students.school.com and Unify School A staff into staff.school.com.

In Microsoft 365, by default, child domains inherit their authentication type and SSO federation settings from their parent domain. This means that if the parent domain is managed, i.e. users are authenticated by, and sign in directly to, Microsoft 365, then the child domain will inherit that too. Microsoft can break inheritance for a sub-domain, making it independent of the parent domain, via a Service Request. Once inheritance is broken, it would allow, for example, lower.school.com to be federated to RM Unify whilst school.com remained managed.