Wednesday, October 4, 2023

O365 user fails to access another company's O365 resource because access to tenants is restricted (Azure AD Tenant Restrictions)

Azure AD Tenant Restrictions is a feature for Azure AD customers that controls which Azure AD tenants an organization's users can access applications and resources in. It is applied by having a proxy or similar service append additional HTTP headers to requests sent to Azure AD; these headers tell Azure AD which tenants are allowed for a user and which tenant to log the requests in.

This setting impacts users of an organization when they access an application which is integrated with an Azure AD tenant.

Error message: Your network administrator has blocked access. External access is blocked by policy. Contact your IT department for access.

Here are examples of how to make the change on your proxy:
Controlling Office 365 access using tenant restrictions on Edge SWG (ProxySG) or Advanced Secure Gateway.

Restrict users to a specific Office 365 tenant via Forcepoint Content Gateway proxy

Restricted SaaS access | FortiGate / FortiOS 7.4.1 | Fortinet Document Library

["Restrict-Access-To-Tenants"] = "Your company tenant", "Your business partner tenant"

For example, your company is abc.onmicrosoft.com and your business partner is hkea.onmicrosoft.com.

Your configuration will look like the following:

["Restrict-Access-To-Tenants"] = abc.onmicrosoft.com,hkea.onmicrosoft.com
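The header logic described above, as an added example that is not part of the original post or of any proxy vendor's code. It assumes the sign-in hostnames and the `Restrict-Access-Context` header name from Microsoft's tenant restrictions documentation; the directory ID is a constructed placeholder and the function names are hypothetical.

```python
# Added example (not from the original post): models the header injection a
# TLS-inspecting proxy performs for Azure AD tenant restrictions.

# Azure AD sign-in hosts on which the headers are inserted (assumed from
# Microsoft's tenant restrictions documentation; not listed in the post).
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}

# Constructed placeholder for the directory ID of the tenant that sets the policy.
CONTEXT_TENANT_ID = "00000000-0000-0000-0000-000000000000"


def normalize_tenants(tenants):
    """Trim quotes/whitespace, lowercase, and de-duplicate while keeping order."""
    seen, result = set(), []
    for tenant in tenants:
        name = tenant.strip().strip('"').lower()
        if name and name not in seen:
            seen.add(name)
            result.append(name)
    return result


def tenant_restriction_headers(host, allowed_tenants, context_tenant_id=CONTEXT_TENANT_ID):
    """Return the headers to add for this request host ({} for non-login hosts)."""
    if host.lower().rstrip(".") not in LOGIN_HOSTS:
        return {}
    tenants = normalize_tenants(allowed_tenants)
    if not tenants:
        raise ValueError("allowed tenant list is empty")
    return {
        "Restrict-Access-To-Tenants": ",".join(tenants),
        "Restrict-Access-Context": context_tenant_id,
    }


def missing_tenants(header_value, required_tenants):
    """Return the required tenants that the header value does not permit.

    Comparison is by string: a tenant listed by directory ID will not match
    the same tenant written as a domain name.
    """
    permitted = set(normalize_tenants(header_value.split(",")))
    return [t for t in normalize_tenants(required_tenants) if t not in permitted]


if __name__ == "__main__":
    print(tenant_restriction_headers(
        "login.microsoftonline.com", ["abc.onmicrosoft.com", "hkea.onmicrosoft.com"]))
    # A header that lists only the home tenant leaves the partner tenant blocked.
    print(missing_tenants("abc.onmicrosoft.com", ["hkea.onmicrosoft.com"]))
```

Running `missing_tenants` against the header value your proxy currently sends shows which partner tenant still needs to be added when users hit the error above.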

Reference: 
