Forum Discussion

Ben Hicks's avatar
Ben Hicks
Copper Contributor
Nov 10, 2016

Restricting client access to other Office 365 tenants

Hi,    When allowing connectivity into Office 365, is there a way to restrict access to a single a tenant? For the purposes of DLP I need to prevent internal machines logging onto any another email ...
Authentication
exchange
office 365
security
VasilMichev's avatar
VasilMichev
MVP
Nov 11, 2016

There's no way to do this in O365, even if you have AD FS in place. You can probably use a similar solution to what's described in the article, with inspecting all traffic to O365, but I wouldnt really recommend such approach. As Dean mentioned, there are plenty controls available as part of O365 or additional services to secure access to your data, one of them (or a combination) should meet your needs.

  • Pieter Rossouw's avatar
    Pieter Rossouw
    Copper Contributor
    Mar 22, 2022
    This is not true. Tenant Restrictions is the name of the technology to acheive this. Google / Bing "microsoft tenant Restrictions"
  • Chris Roth's avatar
    Chris Roth
    Copper Contributor
    Mar 08, 2017

    This article is pretty recent and describes how to perform tenant restrictions if you use a modern authentication client.  Enables you to restrict what tenants can be accessed from your network.

    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-tenant-restrictions

    • VasilMichev's avatar
      VasilMichev
      MVP
      Mar 08, 2017

      Yup, now we do have options. It's great to see how many things can change around O365 in just few months!

      • Chris Roth's avatar
        Chris Roth
        Copper Contributor
        Mar 09, 2017

        Good an bad there.  Only works with your network as the accessing permiter.  Off your LAN/VPN it doesn't help.  Also you need Azure AD P1 licensing to use it.  And there is overhead with SSL decryption, inject a header, and encrypt to send it on its way.

Resources