Tenant isolation answers the question, How is my data separated from other organizations?
Microsoft 365 enables customers to share physical resources such as computing power and storage in a model called multi-tenancy. In order to isolate one organization's data from another, several forms of protection are implemented, such as the following:
- Logical isolation through Azure Active Directory
- Encryption for data at rest
- Encryption for data in transit
The tenant is a logical security boundary, and all information and data related to that organization are held within that container. You can learn more about how Microsoft's tenant isolation procedures are used to separate organizations' data at https://docs.microsoft.com/en-us/office365/Enterprise/office-365-tenant-isolation-overview.