windows-itpro-docs/windows/client-management/mdm/policy-csp-tenantrestrictions.md
2022-11-01 16:02:54 -04:00


title: TenantRestrictions Policy CSP
description: Learn more about the TenantRestrictions CSP Policy
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.date: 11/01/2022
ms.localizationpriority: medium
ms.prod: windows-client
ms.reviewer:
ms.technology: itpro-manage
ms.topic: article

Policy CSP - TenantRestrictions

ConfigureTenantRestrictions

| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✔️ Device <br> User | Home <br> ✔️ Pro <br> ✔️ Enterprise <br> ✔️ Education <br> ✔️ Windows SE | ✔️ Unknown [10.0.20348.320] and later <br> ✔️ Windows 10, version 2004 [10.0.19041.1320] and later <br> ✔️ Windows 10, version 2009 [10.0.19042.1320] and later <br> ✔️ Windows 10, version 21H1 [10.0.19043.1320] and later <br> ✔️ Windows 10, version 21H2 [10.0.19044] and later <br> ✔️ Windows 11, version 21H2 [10.0.22000] and later |

./Device/Vendor/MSFT/Policy/Config/TenantRestrictions/ConfigureTenantRestrictions

This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory.

When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Azure AD tenant.

Note: Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Azure AD Tenant Restrictions for more details: https://go.microsoft.com/fwlink/?linkid=2148762

Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information. For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230

Description framework properties:

| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |

ADMX mapping:

| Name | Value |
|:--|:--|
| Name | trv2_payload |
| Friendly Name | Cloud Policy Details |
| Location | Computer Configuration |
| Path | Windows Components > Tenant Restrictions |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload |
| ADMX File Name | TenantRestrictions.admx |
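
A device-side audit for this policy, as an added example that is not part of the original page or Microsoft's own tooling: it compares the running build against the Applicable OS table and reports whether the registry key from the ADMX mapping exists and holds values. The function names are hypothetical, the key is assumed to live under HKLM (Location: Computer Configuration), and treating unlisted builds newer than 19044 as supported is an assumption about how "and later" applies.

```powershell
# Added example (not Microsoft's code): audit TenantRestrictions policy state on a device.
# Minimum revision per build, taken from the "Applicable OS" table on this page.
$MinRevisionByBuild = @{
    19041 = 1320   # Windows 10, version 2004
    19042 = 1320   # Windows 10, version 2009
    19043 = 1320   # Windows 10, version 21H1
    19044 = 0      # Windows 10, version 21H2 (no revision floor listed)
    20348 = 320    # listed as "Unknown" in the table
    22000 = 0      # Windows 11, version 21H2 (no revision floor listed)
}

function Test-TenantRestrictionsBuild {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Revision
    )
    if ($MinRevisionByBuild.ContainsKey($Build)) {
        # A listed build must meet its own revision floor.
        return $Revision -ge $MinRevisionByBuild[$Build]
    }
    # Assumption: an unlisted build qualifies only if it is newer than 19044,
    # the first build the table lists without a revision floor.
    return $Build -gt 19044
}

function Get-TenantRestrictionsState {
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $rev   = [int]$cv.UBR

    # Assumption: "Computer Configuration" means the key sits under HKLM.
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload'
    $names = @()
    $present = Test-Path $key
    if ($present) {
        # Report value names only; the payload contents are tenant-specific.
        $names = @((Get-Item $key).Property)
    }

    [pscustomobject]@{
        OsBuild          = "10.0.$build.$rev"
        BuildSupported   = Test-TenantRestrictionsBuild -Build $build -Revision $rev
        PolicyKeyPresent = $present
        PolicyValueNames = $names
    }
}

Get-TenantRestrictionsState | Format-List
```

A device that reports `PolicyKeyPresent` as true but `BuildSupported` as false is worth flagging, since the setting is documented only for the builds in the table.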

Policy configuration service provider