Hello, 

We are currently implementing "tenant restrictions" to limit the external Office 365 tenants accessible from a corporate worksations. 

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

However, we don't know how to monitor the flows towards whitelisted tenants (to avoid unwanted data leakage): 

- The proxy is not able to differentiate our tenant from other tenants (except for SharePoint with url tenant.sharepoint.com) for Exchange and Teams services

- I don't think that Office DLP for Endpoint is able to differentiate our tenant from other tenants

- Maybe Risk Insider Management ? (but what are the prerequesites in addition to the E5 licenses?)

- Maybe an other option ?

Thanks in advance