Support for Microsoft Tenant Restrictions

book

Article ID: 173524

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

As an Administrator, I want to be able to give my organization the ability to specify the list of tenants that their users are permitted to access.

 

Environment

Web Security Service

Resolution

SSL Interception Required

When enabling the Azure AD / Office 365 Tenant Restriction: SSL interception is a requirement as the Web Security Service will need to intercept for login.microsoftonline.com, login.microsoft.com, and login.windows.net domains.

Note: Make sure that any of these destination URLs are not exempt from SSL interception.

Azure AD / Office 365 Exemptions

The two policy toggles under Solutions > Office 365 will also need to be disabled as the tenant restriction will not apply and work if you already have any O365 URLs that are not working in the current condition.

  • Enable authentication exemptions for all Office 365 applications.
  • Enable SSL interception exemptions for all Office 365 applications. This option requires you to also enable SSL Interception (Service > Network > SSL Interception).

Note! Ensure to install the appropriate intercepting WSS root CA on client PCs before enabling.

Additional Information

References: