Forum Discussion
Block users from becoming Guest in another Office 365 Tenant
- Jun 30, 2022
This feature is in preview now.
Have a look at cross tenant access policies:
Hi,
there is no "corporate containerization" in a cloud world like you have on-premises.
Your new security objects are Identity, Data, and Devices, which you can protect depending on what the use case is.
Taking your example of uploading corporate documents to a Team in a partner organization: even if you could restrict your users from being invited to a foreign tenant, what if they get a "real" user account in that foreign tenant? They could upload the data anyway.
If you want to protect that use case, then protect your data so it cannot leave your company or cannot be read by someone outside even if it is stored outside.
You can do that with Information Protection (RMS) and other features from Microsoft.
One of the advantages of cloud is collaboration with others.
In fact, the user gets a new identity object in the other tenant, which is only authenticated by your tenant.
Security in a cloud world involves a new way of thinking, so either protect your data, if that's the use case, or protect your identity. Disallowing users from being invited to another tenant is not a protection of your identity.
/Peter
I agree with Peter that Microsoft Information Protection with Information Rights Management is a best-practice layered security approach and important to protecting your "crown jewels" within your company.
We now also have the ability to block or allow domains. See https://docs.microsoft.com/en-us/microsoftteams/manage-external-access
Dean