05-09-2019 06:18 AM
Does the WSA, Umbrella or a combination do O365 tenant restriction?
Thanks
Brian
05-09-2019 08:14 AM
09-03-2019 01:41 AM
Hi Ken,
On WSA, is it possible to insert specific tenant IDs in an HTTP header pointing to specific domains?
Can I do this via customheaders in advancedproxyconfig?
Thank you.
10-01-2019 10:21 AM - edited 10-01-2019 10:22 AM
ConstantinosP
Yes it is possible and not that hard. Hardest part is dealing with all the issues with other 3rd party cloud apps that use Azure AD to login. If you figure that part out let me know :)
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions
10-11-2019 05:39 AM
Hi SgtD,
Is it that easy to do HTTP header insertion on WSA?
I cannot find a related topic in the Cisco documentation. Could you please post a useful doc or link for me?
Thank you.
10-11-2019 05:54 AM
06-09-2020 01:59 PM
Hi,
I have the custom headers added, but it still seems to let me log in to Microsoft with non-authorised tenant details.
Is there a way I can verify this is working? Does it matter that I have login.microsoftonline.com bypassing SSL inspection?
Thanks
09-30-2024 11:17 PM
Hi Oban,
login.microsoftonline.com, login.microsoft.com and login.windows.net must be decrypted in the decryption policy.
Then you have to insert the HTTP headers as below:
advancedproxyconfig
customheaders
new
Restrict-Access-To-Tenants: yourtenant.onmicrosoft.com
login.microsoft.com, login.microsoftonline.com, login.windows.net
advancedproxyconfig
customheaders
new
Restrict-Access-Context: ########-####-####-####-############ <--insert your Azure AD Directory ID here
As the last step, you should passthrough the "login.microsoftonline.com, login.microsoft.com, login.windows.net" on the access policy.
It works like a charm!
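Added example, not part of the original posts and not Cisco or Microsoft code: a small Python check of the conditions the answer above describes (the three login hosts are decrypted, and both headers are present and well-formed). The function name `check_request`, its parameters and the sample values are constructed for illustration.

```python
import re

# Hosts named in the answer above; the headers must be inserted on all three.
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Tenant entries: a DNS name (e.g. yourtenant.onmicrosoft.com) or a directory ID.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)


def check_request(host, decrypted, headers):
    """Return a list of problems for one proxied request (hypothetical helper).

    host      -- destination host name seen by the proxy
    decrypted -- True if the decryption policy decrypts this host
    headers   -- dict of headers the proxy sends upstream
    """
    if host.lower() not in LOGIN_HOSTS:
        return []  # tenant restriction headers are not expected here
    if not decrypted:
        # Inside an undecrypted TLS tunnel the proxy cannot add headers.
        return ["%s is not decrypted, so no header can be inserted" % host]
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    problems = []
    tenants = hdrs.get("restrict-access-to-tenants", "")
    entries = [t.strip() for t in tenants.split(",") if t.strip()]
    if not entries:
        problems.append("Restrict-Access-To-Tenants missing or empty")
    for t in entries:
        if not (DOMAIN_RE.match(t) or GUID_RE.match(t)):
            problems.append("bad tenant entry: %r" % t)
    # Restrict-Access-Context carries a single directory ID.
    if not GUID_RE.match(hdrs.get("restrict-access-context", "")):
        problems.append("Restrict-Access-Context is not a directory ID (GUID)")
    return problems


if __name__ == "__main__":
    # Constructed sample: header values as the proxy would send them upstream.
    good = {"Restrict-Access-To-Tenants": "yourtenant.onmicrosoft.com",
            "Restrict-Access-Context": "11111111-2222-3333-4444-555555555555"}
    print(check_request("login.microsoftonline.com", True, good))
    print(check_request("login.microsoftonline.com", False, good))
    print(check_request("login.windows.net", True,
                        {"Restrict-Access-Context": "########-####"}))
```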