cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

445
Views
0
Helpful
5
Replies
Highlighted
Beginner

O365 Tenant restriction

Does the WSA, Umbrella or combination do 0365 tenant restriction ?

 

Thanks 

Brian

5 REPLIES 5
Collaborator

Re: O365 Tenant restriction

Tenant restriction, as in keep people from connecting to other tenants in O365?



No, not as a feature.



Umbrella can't as its only operating on the dns lookup, they don't proxy O365 connections as there are TOO many of them.



A WSA might be able to if all of the HTTP requests have a tenant specific element in the URL.




Re: O365 Tenant restriction

Hi Ken,

 

On WSA, is it possible to insert specific tenant ids on http header pointing on specific domains?

Can I do this via customheaders on advancedproxyconfig?

 

Thank you.

Beginner

Re: O365 Tenant restriction

ConstantinosP

Yes it is possible and not that hard. Hardest part is dealing with all the issues with other 3rd party cloud apps that use Azure AD to login. If you figure that part out let me know :) 

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

 

 

Re: O365 Tenant restriction

Hi SgtD,

Is that easy to do http header insertion on WSA?

I cannot find a related topic on Cisco documentation. Could you please post a useful doc or link for me?

 

Thank you.

 

Beginner

Re: O365 Tenant restriction

Constantinos P,
Here is the link to the document I used https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions I would read this first
The commands are pretty straight forward;
advancedproxyconfig
customheaders
new
Restrict-Access-To-Tenants: yourtenant.onmicrosoft.com
login.microsoft.com, login.microsoftonline.com, login.windows.net, login.microsoftonline-p.com
advancedproxyconfig
customheaders
new
Restrict-Access-Context: ########-####-####-####-############ <--insert your Azure AD Directory ID here
And don't forget to commit your changes