Support for Microsoft Azure AD Tenant Restriction on Cloud SWG (previously known as Office 365 tenant restriction)

Article ID: 173524

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

As an Administrator, I want to be able to give my organization the ability to specify the list of tenants that their users are permitted to access.

 

Environment

Cloud SWG (formerly Web Security Service - WSS)

Resolution

SSL Interception Required

Enabling the Azure AD / Office 365 Tenant Restriction requires SSL interception, because Cloud SWG needs to intercept traffic to the login.microsoftonline.com, login.microsoft.com, and login.windows.net domains.

Note: Make sure that none of these destination URLs is exempt from SSL interception.
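
One way to check the note above before enabling tenant restriction, as an added example that is not part of the original article or of Cloud SWG: a short Python audit of an exemption list against the three login domains. The entry formats (plain domain, "*." wildcard, URL), the rule that a domain entry also covers its subdomains, and the sample list are assumptions constructed for illustration.

```python
"""Audit a TLS/SSL interception exemption list against the login domains.

Assumptions (not from the article): entries are plain domains, "*." wildcards
or URLs, and a domain entry also covers its subdomains.
"""
from urllib.parse import urlsplit

# Domains the article says Cloud SWG must intercept.
REQUIRED_INTERCEPT = (
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.windows.net",
)


def normalize(entry):
    """Reduce an exemption entry to a bare lowercase host name."""
    entry = entry.strip().lower()
    if "://" in entry:
        entry = urlsplit(entry).hostname or ""
    else:
        entry = entry.split("/", 1)[0].split(":", 1)[0]
    if entry.startswith("*."):
        entry = entry[2:]  # treated conservatively as the parent domain
    return entry.rstrip(".")


def covers(entry, host):
    """True if the entry names host itself or a parent domain of host."""
    domain = normalize(entry)
    return host == domain or host.endswith("." + domain)


def find_conflicts(exemptions):
    """Map each required domain to the entries that would exempt it."""
    conflicts = {}
    for host in REQUIRED_INTERCEPT:
        hits = [e for e in exemptions if covers(e, host)]
        if hits:
            conflicts[host] = hits
    return conflicts


# Constructed sample exemption list (not taken from any real policy).
SAMPLE_EXEMPTIONS = [
    "example-bank.com",
    "*.windows.net",
    "https://login.microsoftonline.com/common/oauth2",
    "notlogin.microsoft.com",
    "microsoft.com.example.org",
]

if __name__ == "__main__":
    for host, entries in find_conflicts(SAMPLE_EXEMPTIONS).items():
        print(f"{host} is exempt via: {', '.join(entries)}")
```

An empty result means no entry in the list covers the three domains; any entry reported should be removed or narrowed before the restriction is enabled.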

Azure AD / Office 365 Exemptions

The two policy toggles under Solutions > Office 365 must also be disabled, because the tenant restriction will not be applied to any O365 URLs that these exemptions cover.

  • Disable authentication exemptions for all Office 365 applications. (Policy > Authentication Policy > Global Exemptions)

  • Disable SSL interception exemptions for all Office 365 applications. (Policy > TLS/SSL Interception > TLS/SSL Interception > Rule G2)

    This option requires you to also enable SSL Interception (Policy > TLS/SSL Interception).

Note: Be sure to install the appropriate intercepting WSS root CA on client PCs before enabling.
