I wanted to combine G Suite with an existing Microsoft 365 tenant. Due to license constraints we were only allowed to use Microsoft 365 for a limited number of people, so we decided to use G Suite for the rest. This was the plan:
- Don't limit the Microsoft 365 services for anyone who is eligible for such an account
- Give everyone, including the Microsoft users mentioned above, the ability to use the Google services as well
- Have ONE single system for setting up user accounts for both services
- Give everyone access to a mailbox, either in Google or in Exchange Online
- Use SSO for the existing third-party applications
The problem is that this requires Azure AD entities with a verified domain while the mail for that same domain is hosted on Google servers, which is not the intended setup. The solution I came up with was this:
- Enter the additional Google users as Azure AD entities but don't assign them a Microsoft 365 license
- Give these people a different subdomain, like cloud.example.com instead of example.com
- Verify both domains for Google AND Microsoft
- Link Azure AD and Google by following these steps
- Now create the additional users in Azure AD with a UPN in that subdomain, i.e. user@cloud.example.com
- Set the MX DNS records for both domains (example.com and cloud.example.com) to point to Microsoft 365
- Follow these steps to forward incoming email for the subdomain cloud.example.com to the Google inbox
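As an added example of the last step (not the author's own steps, which are not reproduced here), this is one way to make Exchange Online hand all mail for the subdomain over to Google Workspace: mark the subdomain as an internal relay domain, create an outbound connector to Google's inbound MX host, and scope it with a mail flow rule. The tenant admin account, the domain names and the MX hostnames are constructed for this example; both domains are assumed to be verified on both sides already, and the Google side is assumed to have the subdomain added and the users provisioned.

```powershell
# Added example (not the original post's code): route mail for the unlicensed
# subdomain from Exchange Online to Google Workspace.
# Assumptions (constructed for this example): tenant admin admin@example.com,
# primary domain example.com, Google-only subdomain cloud.example.com, both
# domains verified in Microsoft 365 and Google Workspace, and public MX for
# both domains pointing at Exchange Online, e.g.
#   example.com.        MX 0 example-com.mail.protection.outlook.com.
#   cloud.example.com.  MX 0 cloud-example-com.mail.protection.outlook.com.
# Requires the ExchangeOnlineManagement module.

Connect-ExchangeOnline -UserPrincipalName admin@example.com

$subDomain     = "cloud.example.com"
$connectorName = "Relay $subDomain to Google Workspace"
$ruleName      = "Route $subDomain to Google Workspace"

# 1. Exchange Online must not treat the subdomain as authoritative, otherwise
#    recipients without an Exchange Online mailbox are rejected instead of relayed.
Set-AcceptedDomain -Identity $subDomain -DomainType InternalRelay

# 2. Outbound connector to Google's inbound MX host. -UseMXRecord must be $false:
#    the public MX for the subdomain points back at Exchange Online, so following
#    it would create a mail loop. Certificate validation keeps the relay hop
#    from being downgraded to an unauthenticated TLS peer.
New-OutboundConnector -Name $connectorName `
    -ConnectorType Partner `
    -RecipientDomains $subDomain `
    -SmartHosts "aspmx.l.google.com" `
    -UseMXRecord $false `
    -TlsSettings CertificateValidation `
    -IsTransportRuleScoped $true `
    -Enabled $true

# 3. Mail flow rule that hands every message addressed to the subdomain to the
#    scoped connector above.
New-TransportRule -Name $ruleName `
    -RecipientDomainIs $subDomain `
    -RouteMessageOutboundConnector $connectorName `
    -Comments "Unlicensed users: mailbox lives in Google Workspace"

# 4. Verify what Exchange Online now does with a recipient in the subdomain.
Get-AcceptedDomain -Identity $subDomain |
    Format-List DomainName, DomainType
Get-OutboundConnector -Identity $connectorName |
    Format-List Name, SmartHosts, UseMXRecord, TlsSettings, IsTransportRuleScoped, Enabled
Get-TransportRule -Identity $ruleName |
    Format-List Name, RecipientDomainIs, RouteMessageOutboundConnector, State
```

Two things to keep in mind with this layout: Exchange Online still delivers locally to any licensed mailbox that exists in the subdomain and only relays the rest, so a user who later gets a Microsoft 365 license silently stops receiving mail in Google; and Google sees the relay hop, not the original sender's server, so its SPF result applies to Microsoft's outbound hosts while the sender's DKIM signature and the ARC headers added on the way carry the original authentication result.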
I hope I'll remember this in the future if I need to change something in this process :/