Thank you for your post!
To hopefully help point you in the right direction, it's possible to use Tenant Outbound Settings to enforce tenant restrictions instead of using global secure clients or remote networks.
-
Note: If you're looking to use Universal tenant restrictions, this feature leverages Global Secure Access (preview).
For more info.
- When it comes to configuring your outbound cross-tenant access settings, you should be able to leverage the Tenant restrictions (Preview) feature, to control whether your users can access external applications from your network, or devices using external accounts. This includes accounts issued to them by external organizations and accounts they've created in unknown tenants.
There are three ways to apply the policy in your organization:
- Universal tenant restrictions v2 - Using Global Secure Access (preview).
- Authentication plane tenant restrictions v2 - Deploying a corporate proxy in your organization.
- Windows tenant restrictions v2 - For your corporate-owned Windows devices.
Allow or block invitations to B2B users from specific organizations:
- You can also restrict access to specific domains or IP addresses, which can help prevent internal users from joining unauthorized B2B tenants. Additionally, the outbound B2B access settings let you determine whether your users can be invited to external Microsoft Entra tenants for B2B collaboration and added to their directories as guests.
Please note that along with your cross-tenant access settings, you should consider implementing conditional access policies to ensure the correct MFA steps are taken, to prevent unauthorized usage of your applications.
Additional Links:
- Tenant restrictions v2 overview
- Modify outbound access settings
- Set the allow or blocklist policy in the portal
- Overview: Cross-tenant access with Microsoft Entra External ID
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.