windows-itpro-docs/windows/client-management/mdm/policy-csp-tenantrestrictions.md
2024-08-06 12:15:01 -06:00


| title | description | ms.date |
|:--|:--|:--|
| TenantRestrictions Policy CSP | Learn more about the TenantRestrictions Area in Policy CSP. | 08/06/2024 |

Policy CSP - TenantRestrictions

[!INCLUDE ADMX-backed CSP tip]

ConfigureTenantRestrictions

| Scope | Editions | Applicable OS |
|:--|:--|:--|
| Device <br> User | Pro <br> Enterprise <br> Education <br> Windows SE <br> IoT Enterprise / IoT Enterprise LTSC | [10.0.20348.320] and later <br> Windows 10, version 2004 with KB5006738 [10.0.19041.1320] and later <br> Windows 10, version 2009 with KB5006738 [10.0.19042.1320] and later <br> Windows 10, version 21H1 with KB5006738 [10.0.19043.1320] and later <br> Windows 10, version 21H2 [10.0.19044] and later <br> Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/TenantRestrictions/ConfigureTenantRestrictions

This setting enables and configures the device-based tenant restrictions feature for Microsoft Entra ID.

When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Microsoft Entra tenant.

Note

Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Microsoft Entra tenant Restrictions for more details.

https://go.microsoft.com/fwlink/?linkid=2148762

Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information.

For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230

Description framework properties:

| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |

[!INCLUDE ADMX-backed policy note]

ADMX mapping:

| Name | Value |
|:--|:--|
| Name | trv2_payload |
| Friendly Name | Cloud Policy Details |
| Location | Computer Configuration |
| Path | Windows Components > Tenant Restrictions |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload |
| ADMX File Name | TenantRestrictions.admx |
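
To confirm on a managed device that the OS build meets the minimums in the Applicable OS list and that the policy has been written to the registry key in the ADMX mapping, a check like the following can be used. It is an added example, not part of the original documentation; the function name `Test-TenantRestrictionsBuild` is hypothetical, and it assumes the setting lands under HKLM (Location: Computer Configuration) and that "and later" means any higher build number.

```powershell
# Added example. Thresholds and the registry key come from the tables on this page.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload'

function Test-TenantRestrictionsBuild {
    # Hypothetical helper: compares a build/revision pair to the Applicable OS list.
    param([int]$Build, [int]$Revision)

    # Builds that need a minimum update revision (the KB5006738-level entries).
    $minRevision = @{ 20348 = 320; 19041 = 1320; 19042 = 1320; 19043 = 1320 }
    if ($minRevision.ContainsKey($Build)) {
        return $Revision -ge $minRevision[$Build]
    }
    # 19044 (Windows 10 21H2) and 22000 (Windows 11 21H2) are listed as
    # "and later" with no revision floor. Assumption: any higher build qualifies.
    return $Build -ge 19044
}

# Read the running build and update revision (UBR) from the registry.
$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR

# Enumerate whatever values exist under the policy key without assuming their names.
$values = @()
if (Test-Path -Path $policyKey) {
    $key = Get-Item -Path $policyKey
    $values = foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name  = $name
            Kind  = $key.GetValueKind($name)
            Value = $key.GetValue($name)
        }
    }
}

# Summary first, then the raw values for comparison with the intended policy.
[pscustomobject]@{
    OSBuild          = "10.0.$build.$ubr"
    BuildSupported   = Test-TenantRestrictionsBuild -Build $build -Revision $ubr
    PolicyKeyPresent = Test-Path -Path $policyKey
    ValueCount       = @($values).Count
} | Format-List

$values | Format-Table -AutoSize
```

A device that reports `PolicyKeyPresent : False` or `BuildSupported : False` is not enforcing device-based tenant restrictions, whatever the MDM console shows as assigned.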

Policy configuration service provider