Forum Discussion
Restrict M365 App
Hello,
Users should be able to sign in only to test.com domain from M365 Apps and sign in to other domains should not be permitted.
For example : When the users launch excel/ M365Apps , they should be able to sign in to test.com domain and should not be able to sign in to any other domains.
Please advise if steps in below article will address the requirement
Ref : https://learn.microsoft.com/en-us/windows-365/enterprise/restrict-office-365-cloud-pcs
https://www.core.co.uk/blog/blog/restricting-access-office-365
Regards,
Ajit
- The Tenant restrictions feature is what you're looking for: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/tenant-restrictions-v2
- ProSolutionsIron Contributor
VasilMichev , how are you doing today. Based on the information provided, it seems that the requirement is to restrict users from signing in to domains other than "test.com" when using Microsoft 365 Apps (previously known as Office 365 Apps). The articles you shared discuss different topics related to conditional access, but they might not directly address the specific requirement you mentioned.
To address your requirement for restricting sign-ins to a specific domain for a Microsoft product, the general approach remains the same regardless of the product name. Conditional Access in Azure Active Directory is the feature used to control and secure access to various Microsoft services and apps based on specific conditions and policies. To find the most accurate and up-to-date information for "Microsoft Entra," I recommend checking the official Microsoft website, product documentation, or contacting Microsoft support directly for the latest guidance on implementing Conditional Access or any other security-related features.
To achieve the desired outcome of restricting sign-ins to only the "test.com" domain, you can use Azure Active Directory's Conditional Access feature. Here's a general outline of the steps you can follow:
1. Verify the domain in Azure Active Directory:
Ensure that the "test.com" domain is added and verified in your Azure AD tenant.2. Create a new Conditional Access policy:
Go to the Azure portal (https://portal.azure.com) and navigate to "Azure Active Directory" > "Security" > "Conditional Access." Then, click on "New policy" to create a new policy.3. Assign the policy to users or groups:
In the policy settings, you can specify the users or groups to whom this policy should apply. Select the relevant users or groups, which might include all users or a specific subset.4. Configure the policy's conditions:
In the policy, you'll set the conditions for applying this policy. Look for the "Sign-in" section, where you can select "Users and groups," then choose "All users" (or the specific group you want to target).5. Configure the access controls:
In the same policy, go to the "Grant" section. Here, you'll specify the access controls. For this requirement, you want to "Block access" to all cloud apps. Add an "Include" condition and specify the single "test.com" domain you want to allow access to.After configuring the policy, ensure it is enabled so that it takes effect
6) Enable the policy: After configuring the policy, ensure it is enabled so that it takes effect.
Please note that the exact steps and options in the Azure portal might change over time due to updates and changes to the Azure Active Directory platform. Therefore, I recommend referring to the official Microsoft documentation for the most up-to-date and detailed steps on creating a Conditional Access policy. Have a wonderful night VasilMichev