Power Platform · cross-tenant sync

Move solutions between tenants in seconds, not tickets.

TenantSync keeps Dataverse solutions, flows, connections, and tables in lockstep across your Microsoft 365 tenants — bidirectional, conflict-aware, and tokens that never leave the server.

Start Free Trial → See how it works
SOURCE TENANT org2d79…crm.dynamics solution · flows · tables TS ORCHESTRATE hash · direction · import TARGET TENANT org7d7e…crm.dynamics ✓ in sync · just now
✓ Synced a_to_b · direction auto-detected · 1 pair · tokens never touched the client
85–130s
Full cross-tenant sync
AES-256
Tokens encrypted server-side
2-way
Bidirectional, direction-aware
$0
Free tier, forever
How it works

One click. Three phases. Zero manual export.

Here's a sync running: the extension exports locally, the server orchestrates, the target updates — click a phase to jump.

tenantsync — live sync
$ tenantsync sync --source org2d79 --target org7d7e
# [01] exporting solution from source…
  ✓ exported TenantSync_Test · 64KB
# [02] orchestrating…
  hash a/b · direction a_to_b · conflicts 0
# [03] importing to target…
  ✓ imported · publishing workflows
✓ synced a_to_b · 96s
Built for real cross-tenant work

Everything stays in lockstep.

Cross-tenant
Tenant A → Tenant B
solutioncopied
cloud flowscopied
connectionsmapped
Bidirectional
A
B
directiona_to_b
viamodifiedon
Newest side wins — no metadata-drift mistakes.
Conflict-aware
Both sides changed?
hash A
hash B
Flagged for review — never a silent overwrite.
Secure by design
Tokens stay server-side
refresh_tokenAES-256-GCM
client accessnever
The extension exports; it never holds target creds.
01 — Cross-tenant

Solutions, flows, and connections — moved as one.

Sync entire Dataverse solutions across separate Microsoft 365 tenants. Flows, tables, and connection references travel together, so the target environment just works.

SolutionsDataverse managed + unmanaged
FlowsCloud flow definitions
02 — Bidirectional

Two-way sync that knows which way to go.

Direction is detected from Dataverse modifiedon timestamps, not fragile ledger hashes — so the most recently edited side wins, every time, without you choosing.

a_to_b / b_to_aAuto-detected
One directionPer sync cycle
03 — Conflict-aware

When both sides change, you decide.

If source and target both diverged since the last sync, TenantSync flags the conflict instead of guessing. No silent overwrites of someone else's work.

Hash-basedCRC-32, volatile-filtered
ReviewBefore any import
04 — Secure

Target tokens never touch your browser.

Refresh tokens are encrypted at rest with AES-256-GCM and used only server-side. The extension exports the source locally and hands off — it never holds credentials for the target tenant.

AES-256-GCMPer-customer keys
Device-codeAzure AD auth
In the box

More than a sync button.

A full operations layer around every cross-tenant sync.

Anti-abuse · org registry

Every tenant, tracked.

Unique Dataverse org URLs are registered per customer with a lifetime cap — so trials can't be farmed and limits actually hold.

org2d79…dynamics registered
org7d7e…dynamics registered
orgd8e4…dynamics 3 / 6 used
Notify

Teams alerts

Sync success, failure, or conflict — straight to a channel.

Pro

Scheduled & auto-sync

Set an interval and walk away.

Audit

Activity log

Every sync event recorded with direction and outcome.

Auth

Device-code sign-in

Standard Azure AD — no secrets pasted around.

At a glance

A 5-tab health dashboard

Status, pairs, orgs, activity, and token health — the whole sync estate in one popup.

Built for teams running Power Platform across tenants
Atlas Cloud Meridian Brightwork Orbit Systems Vellum Halcyon
Security

Your customers' tenants, handled with care.

Moving solutions between tenants means handling credentials. We designed for that from day one — and reviewed it end to end.

🔒

Tokens encrypted at rest

Refresh tokens are sealed with AES-256-GCM using per-customer keys — never stored in plaintext, even in logs.

🛡️

Client never holds target creds

The extension exports the source locally and hands off; only the server ever talks to the target tenant.

🔑

Azure AD device-code auth

Standard Microsoft sign-in, with token scopes restricted to exactly what a sync needs — nothing broader.

Hardened & verified

Origin-locked token capture, signature-verified webhooks, and SSRF-guarded server calls.

tenantsync — token vault
# captured from a live Dataverse request
token = "eyJ0eXAi…" // in-browser only
encrypt(token, customerKey)
  → "enc:aes-256-gcm:9f3c…"
# stored server-side, per-customer key
✓ sealed · client never sees target creds
Pricing

Start free. Upgrade when you scale.

No card to start. Free forever for a single sync pair.

Free
$0 / forever
For a single cross-tenant pair.
  • 1 sync pair
  • 10 syncs per day
  • Bidirectional, direction-aware
  • Conflict detection
  • Manual sync
Get Started Free
Most popular
Pro
$10 / month
For teams running many tenants.
  • 10 sync pairs
  • Unlimited syncs
  • Auto & scheduled sync
  • Teams notifications
  • Email support
Start Pro

Stop hand-migrating solutions between tenants.

Install the extension, connect two tenants, and run your first cross-tenant sync in minutes. Free to start.

Start Free Trial →