The Azure AD teams keeps on delivering on important features, the latest one being the ability to "lock" your users to only use specific Office 365 tenant. This is done by inspecting the logon request and validating the value of two headers, Restrict-Access-To-Tenants and Restrict-Access-Context.

The blog announcement is here: https://blogs.technet.microsoft.com/enterprisemobility/2017/01/31/new-enhanced-access-controls-in-az...

Detailed instructions as well as an easy to use software-based proof of concept method can be found here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-tenant-restrictions