Glossary
Tenant Restrictions
Microsoft Entra controls preventing users on your network from signing into other tenants — for data-exfiltration prevention.
Tenant Restrictions are Microsoft Entra controls that prevent users on your network from signing into other Microsoft Entra tenants — useful for blocking data exfiltration to unauthorised tenants. Two generations:
- Tenant Restrictions v1 — applied at the network egress level via HTTP headers; works for traffic that passes through your proxy.
- Tenant Restrictions v2 — modern, applied via Microsoft Entra Global Secure Access or proxy integration with more granular control: which tenants are allowed, which users from those tenants, which apps.
Used by organisations wanting to prevent staff from logging into personal Microsoft accounts, partner tenants, or unsanctioned SaaS tenants from the corporate network. Different from Cross-Tenant Access Settings (which controls inbound B2B from other tenants into yours).