Tenant restrictions (Preview) - Tenant restriction settings

MVP

Tenant restrictions lets you control whether your users can access external applications from your network or devices using external accounts, including accounts issued to them by external organizations and accounts they've created in unknown tenants.

 

1683803079702.jpg

4 Replies
Thanks for sharing.

Am I interpreting this function correctly, as follows? With restrictions turned on, a user in my Contoso organization would not be able to log on to an application (for example, Azure Virtual Desktop) in another organization's tenant, even when using a user account issued by that other tenant.

Is documentation available on how this is enforced? Based on "from your network or devices," it seems this is an endpoint capability?
Correct, Tenant restrictions are not enforced until you've completed additional setup to enable TRv2 client side tagging with NaaS or Windows GPO or on your network or managed devices.

The documentation is not available yet.

@SvenAelterman today MS announced the public preview along with the documentation of that feature 

 

Tenant Restriction v2 is now Public Preview! - Microsoft Community Hub

We tested this Cross Tenant Restriction and it works good for Edge browser, but not for Chrome. It would be good if it can work for both at the same time.