Forum Discussion
Block users from becoming Guest in another Office 365 Tenant
This feature is in preview now.
Have a look at cross tenant access policies:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/cross-tenant-access-overview
This is a tad mind blowing. Tenant restrictions works for networks which enforce proxy or VPN for all corporate devices. But what about mobile devices, which it's rare to see companies enforce mobile VPN.....well....if someone invites a user to their tenant and they accept it, they can connect via Teams on mobile and get around the corporate containerization by uploading OneDrive documents into the "B2B" team!??! Yes. This is an unfortunate hole in the security architecture. Also, not to mention this "collaboration" bypasses any retention policies setup by the account owner / tenant. So all in all, it's a bad idea to not give account owners the option to BLOCK third parties from adding their users as guests....