Cloud Policy Details
Supported on: At least Windows 10 Version 1909
Registry
SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload Options
cloudid text tenantid text policyid text enforceFirewall boolean hostnames multiText subdomainSupportedHostnames multiText ipRanges multiText Description
This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory. When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Azure AD tenant. Note: Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Azure AD Tenant Restrictions for more details. https://go.microsoft.com/fwlink/?linkid=2148762 Before enabling firewall protection, ensure that an App Control for Business policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding App Control for Business policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information. For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230