Skip to content

Latest commit

 

History

History
91 lines (66 loc) · 4.31 KB

policy-csp-tenantrestrictions.md

File metadata and controls

91 lines (66 loc) · 4.31 KB
title description ms.date
TenantRestrictions Policy CSP
Learn more about the TenantRestrictions Area in Policy CSP.
09/27/2024

Policy CSP - TenantRestrictions

[!INCLUDE ADMX-backed CSP tip]

ConfigureTenantRestrictions

Scope Editions Applicable OS
✅ Device
❌ User		 ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC		 ✅ [10.0.20348.320] and later
✅ Windows 10, version 2004 with KB5006738 [10.0.19041.1320] and later
✅ Windows 10, version 20H2 with KB5006738 [10.0.19042.1320] and later
✅ Windows 10, version 21H1 with KB5006738 [10.0.19043.1320] and later
✅ Windows 10, version 21H2 [10.0.19044] and later
✅ Windows 11, version 21H2 [10.0.22000] and later		 
./Device/Vendor/MSFT/Policy/Config/TenantRestrictions/ConfigureTenantRestrictions

This setting enables and configures the device-based tenant restrictions feature for Microsoft Entra ID.

When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Microsoft Entra tenant.

Note

Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Microsoft Entra tenant Restrictions for more details.

https://go.microsoft.com/fwlink/?linkid=2148762

Before enabling firewall protection, ensure that an App Control for Business policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding App Control for Business policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information.

For details about setting up App Control with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

[!INCLUDE ADMX-backed policy note]

ADMX mapping:

Name Value
Name trv2_payload
Friendly Name Cloud Policy Details
Location Computer Configuration
Path Windows Components > Tenant Restrictions
Registry Key Name SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload
ADMX File Name TenantRestrictions.admx

Related articles

Policy configuration service provider