Large organizations that prioritize security want to migrate to cloud services such as Microsoft 365, but they must ensure that their users can only access approved resources. Companies have traditionally restricted access by restricting domain names or IP addresses. This strategy fails in a world where software as a service (SaaS) apps are hosted in the public cloud and use shared domain names such as outlook.office.com and login.microsoftonline.com. Instead of restricting users to approved identities and resources, blocking these addresses would prevent them from accessing Outlook on the web entirely. Tenant restrictions are a feature in Azure Active Directory (Azure AD) that addresses this issue . In this blogpost, we look at how MTR devices can potentially implement this capability. |