Published: May 30, 2023
Microsoft has recently announced the release of tenant restrictions version 2 (TRv2) for commercial cloud customers. The latest release enables IT admins to control whether end users can use externally issued identities to access external apps from org-owned devices or corporate networks.
The tenant restriction feature builds on the cross-tenant access settings that launched in preview for Azure Active Directory users in February 2022. It allows administrators to control how employees can securely collaborate with people from other organizations. Up until now, tenant restrictions only used an on-premises proxy server to perform cloud authentication with Azure Active Directory (Azure AD).
“We’ve been hearing that data exfiltration is a big concern for our customers moving to M365 cloud services, especially those with a need to collaborate across organizational boundaries. TRv2 addresses those concerns by preventing information leaks due to token infiltration, anonymous access of external SharePoint online data, or anonymous join of external Teams meetings, and enables secure external collaboration,” Microsoft explained.
Microsoft highlighted several key features of tenant restrictions v2 (TRv2). This release gives IT admins more control over external tenant access within their organization. It’s also possible to create granular partner-specific collaboration policies for external tenants.
Additionally, tenant restrictions v2 makes it easier for IT Pros to manage externally issued user identities. Other capabilities include improved security as well as seamless configuration and management.
Microsoft explained that tenant restrictions v2 allows IT admins to define granular access controls on a per-organization, user, group, and application basis. The feature can be used to protect Office apps, UWP .NET applications, Microsoft Edge, SharePoint Online, Exchange Online, and other apps.
Microsoft recommends that customers implement TRv2 to ensure secure cross-company collaboration in enterprise environments. We invite you to check out this support page to find more details about setting up the tenant restriction policy.