| title | description | ms.date |
|---|---|---|
TenantRestrictions Policy CSP |
Learn more about the TenantRestrictions Area in Policy CSP. |
01/18/2024 |
[!INCLUDE ADMX-backed CSP tip]
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ [10.0.20348.320] and later ✅ Windows 10, version 2004 [10.0.19041.1320] and later ✅ Windows 10, version 2009 [10.0.19042.1320] and later ✅ Windows 10, version 21H1 [10.0.19043.1320] and later ✅ Windows 10, version 21H2 [10.0.19044] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/TenantRestrictions/ConfigureTenantRestrictions
This setting enables and configures the device-based tenant restrictions feature for Microsoft Entra ID.
When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Microsoft Entra tenant.
Note
Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Microsoft Entra tenant Restrictions for more details.
https://go.microsoft.com/fwlink/?linkid=2148762
Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information.
For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
[!INCLUDE ADMX-backed policy note]
ADMX mapping:
| Name | Value |
|---|---|
| Name | trv2_payload |
| Friendly Name | Cloud Policy Details |
| Location | Computer Configuration |
| Path | Windows Components > Tenant Restrictions |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload |
| ADMX File Name | TenantRestrictions.admx |