cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3262
Views
0
Helpful
6
Replies

O365 Tenant restriction

gizbri
Level 1
Level 1

Does the WSA, Umbrella or combination do 0365 tenant restriction ?

 

Thanks 

Brian

6 Replies 6

Tenant restriction, as in keep people from connecting to other tenants in O365?



No, not as a feature.



Umbrella can't as its only operating on the dns lookup, they don't proxy O365 connections as there are TOO many of them.



A WSA might be able to if all of the HTTP requests have a tenant specific element in the URL.




Hi Ken,

 

On WSA, is it possible to insert specific tenant ids on http header pointing on specific domains?

Can I do this via customheaders on advancedproxyconfig?

 

Thank you.

SgtD
Level 1
Level 1

ConstantinosP

Yes it is possible and not that hard. Hardest part is dealing with all the issues with other 3rd party cloud apps that use Azure AD to login. If you figure that part out let me know :) 

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

 

 

Hi SgtD,

Is that easy to do http header insertion on WSA?

I cannot find a related topic on Cisco documentation. Could you please post a useful doc or link for me?

 

Thank you.

 

Constantinos P,
Here is the link to the document I used https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions I would read this first
The commands are pretty straight forward;
advancedproxyconfig
customheaders
new
Restrict-Access-To-Tenants: yourtenant.onmicrosoft.com
login.microsoft.com, login.microsoftonline.com, login.windows.net, login.microsoftonline-p.com
advancedproxyconfig
customheaders
new
Restrict-Access-Context: ########-####-####-####-############ <--insert your Azure AD Directory ID here
And don't forget to commit your changes

Hi,

 

I have the custom headers added; but it still seems to let me login to Microsoft with non authorised tenant details. 

is there a way I can verify this is working? Does it matter I have login.microsoftonline.com bypassing ssl inspection?

 

thanks 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: