Name
Building a shared Entra ID tenant for critical infrastructure: Architecture and security decisions from the field
Description
In the Dutch energy sector, grid operators aren't competitors. They maintain critical national infrastructure and need to collaborate closely. So when the ask came to build a shared Microsoft Entra ID tenant where multiple organizations could work together securely, we had to rethink a lot of assumptions about how B2B collaboration is typically set up. This session walks through the architecture and security decisions behind a production multi-organization resource tenant. Every user, including administrators, enters as a B2B guest from their own home tenant. There are no local identities. Access governance, authentication controls, and tenant hardening all had to be designed from scratch for a shared environment where no single organization owns the users. We'll cover how we structured access governance using Entitlement Management, how we approached Conditional Access for an environment with multiple audiences and varying trust levels, what tenant hardening looks like when you need to balance collaboration with security, and the practical problems we ran into along the way. If you've ever had to design identity architecture where multiple organizations share a tenant and security can't be an afterthought, this one's for you.