How to implement Azure AD Tenant Restriction on WSS portal tenant?
Since the release of the AUG.27.2021 WSS portal you can setup the Restrict-Access-Context / Restrict-Access-To-Tenants header in the Policy section of the WSS portal.
This is now a WSS standard configuration item that was previously implemented by Broadcom for the customer via WSS backend changes.
The header feature is located just above the "Server" sub-section [Image 1]. Click on the "Header modification" link and you will be presented with the Header modification view, which contains 2 sub-sections [Image 2]: "Global Rules" and "Specific header rules".
To setup your Azure AD header modification policy on the "Specific header rules" section, click Add. Then select the Conditions (Sources / Destinations) as applicable.
The destinations for Azure AD tenant restriction is a list of 3 urls (currently, based on Microsoft specifications).:
On the Verdict section select "Add Header > Azure AD". This will present you with the 2 expected fields "Restrict-Access-To-Tenants" and "Restrict-Access-Context" [Image 3].
Once you are satisfied that the rule is configured as desired you can save it by clicking "Add rule" and install the policy using the "Activate" button.