I am a little confused by the offline address book configuration with 2013 multi-tenant vs the 2010 multi-tenant. With 2010 we were removing "Authenticated Users" from having access and adding a security group for the company.

Is this still the same case with 2013? Remove Authenticated Users from having read access and then add a security group for the customer that needs access to that particular offline address book?

Hello,

Based on my known, you can do the same operation in exchange 2013.

The OAB management and administration is different in Exchange 2013. But in a multi-tenant Exchange organization, ABPs are introduced in Exchange 2010 SP2,which are used in Exchange 2013 to control user access to an address list, the global address list (GAL), and an offline address books (OABs) in the Exchange organization.