cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restricting client access to other Office 365 tenants

Peter Heck - Admin
Copper Contributor

‎Jul 24 2018 01:01 AM

‎Jul 24 2018 01:01 AM

Restricting client access to other Office 365 tenants

Question based on the following article:

 

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

 

We want to restrict access from our company network to only our 3 tenants (dev, test, prod). 

So first point is clear, I need to insert the list of tenants in the SSL header with the "Restrict-Access-To-Tenants" statement.

What is unclear for me is the second header I need to apply - the "Restrict-Access-Context", but which Tenant ID should I use?

 

Each tenant has it's own on-prem AD synced to AAD. 

 

Microsoft Germany has been asked too, but they seems to have problem to find the right person to answer (because of holiday seasons and fiscal year end).

 

Maybe someone here able to help?

 

Cheers Peter

Labels:
5,084 Views
0 Likes
3 Replies
Reply
3 Replies
Nestori Syynimaa

‎Jul 24 2018 03:22 AM

‎Jul 24 2018 03:22 AM

Re: Restricting client access to other Office 365 tenants

Hi Peter,

 

It seems that tenant restrictions is meant for a single tenant environment. That is, all users are authenticating against a single tenant. In this case, your users should authenticate always to prod tenant, even when using dev and test tenant's services. I don't think this would work in your scenario.

 

However, as the proxy is intercepting the traffic anyways, you may inspect the request and try to identify which tenant users are trying to access. The login username would be a good candidate for that. Based on that, you could give a correct tenant ID for the Restrict-Access-Context.

0 Likes
Reply
Vasil Michev

‎Jul 24 2018 10:35 AM

‎Jul 24 2018 10:35 AM

Re: Restricting client access to other Office 365 tenants

Afaik, it does support multiple tenants. However, that feature is available only in the "global", multi-tenant O365 instance, I'm almost 100% sure that the DE instance does not have it. So best check with the support team.

0 Likes
Reply
Peter Heck - Admin

‎Jul 24 2018 11:45 PM

‎Jul 24 2018 11:45 PM

Re: Restricting client access to other Office 365 tenants

Well - we are not hosted in the German Cloud but in the "normal" European Cloud. Will check back with Microsoft on this - thanks!

0 Likes
Reply