Azure AD Tenant Restrictions is a feature available for Azure AD customers which can be used to control the Azure AD tenants a user of an organization can access applications/resources in. It is applied by having a proxy service or similar service append additional HTTP headers for requests sent to Azure AD which tell Azure AD which tenants are allowed for a user and which tenant to log the requests in.
This setting impacts users of an organization when they access an application which is integrated with an Azure AD tenant.
Error message: Your network administrator has blocked access. External access is blocked by policy. Contact your IT department for access.
There are example of how to make change on your proxy:
Controlling Office 365 access using tenant restrictions on Edge SWG (ProxySG) or Advanced Secure Gateway.
Restrict users to a specific Office 365 tenant via Forcepoint Content Gateway proxy
Restricted SaaS access | FortiGate / FortiOS 7.4.1 | Fortinet Document Library
["Restrict-Access-To-Tenants"] = "Your company tenant", "Your business partner tenant"
For example: Your company is abc.onmicrosoft.com and your business partner is hkea.onmicrosoft.com
Your configuration will be like the following:
["Restrict-Access-To-Tenants"] = abc.onmicrosoft.com,hkea.onmicrosoft.com
Reference:
O365 User failed to access another company O365 resource due to restrict access to a tenant (Azure AD Tenant Restrictions)