68 Multi-tenant compartmentalization
A high-threat sub-population — a legal team, an investigative desk, an executive group — is moved into its own Workspace tenant, so a compromise of the main tenant reaches nothing in theirs. It is the strongest boundary available here, because it is the only one that is not a setting inside the thing being attacked.
Documentation: Best practices for planning accounts and organizations ↗
Caveats
This is a process control — it is carried out offline, so there is no Admin Console walkthrough to show.
Ongoing maintenance
- requires a human Quarterly: review the tenant map — which identities, data and controls live where — for drift.
How to verify
From a staff account in one tenant, attempt to access the other tenant’s resources — it must fail as an ordinary external, with none of the home tenant’s privileges carrying over.
v0.0.2Preventedition All (per-tenant $) policy #22 · #15 ↗