How to implement Azure AD Tenant Restriction on Cloud SWG portal tenant?
Since the release of the AUG.27.2021 Cloud SWG portal you can setup the Restrict-Access-Context / Restrict-Access-To-Tenants header in the Policy section of the Cloud SWG portal.
This is now a Cloud SWG standard configuration item that was previously implemented by Broadcom for the customer via Cloud SWG backend changes.
The header feature is located just above the "Server" sub-section [Image 1]. Click on the "Header modification" link and you will be presented with the Header modification view, which contains 2 sub-sections [Image 2]: "Global Rules" and "Specific header rules".
To setup your Azure AD header modification policy on the "Specific header rules" section, click Add. Then select the Conditions (Sources / Destinations) as applicable.
The destinations for Azure AD tenant restriction is a list of 3 urls (currently, based on Microsoft specifications).:
On the Verdict section select "Add Header > Azure AD". This will present you with the 2 expected fields "Restrict-Access-To-Tenants" and "Restrict-Access-Context" [Image 3].
Once you are satisfied that the rule is configured as desired you can save it by clicking "Add rule" and install the policy using the "Activate" button.
If you manage policies via Management Center (UPE) rather than via WSS Portal, please apply the VPM or CPL policy from the following document:
Controlling Office 365 access using tenant restrictions on ProxySG or Advanced Secure Gateway