Switch to Tenant Restrictions V2 for Enhanced Security
Image Source: Shutterstock.com
Microsoft 365 Admin Center
Mar 21, 2024 9:00 PM

Switch to Tenant Restrictions V2 for Enhanced Security

by HubSite 365 about Microsoft

Software Development Redmond, Washington

Pro UserMicrosoft 365 Admin CenterSecurityM365 AdminM365 Release

Prevent Data Exfiltration: Migrate to Microsoft Entra Tenant Restrictions v2 Today!

Key insights



  • Upgrade to Tenant Restrictions v2 for more granular control and easier policy management without extra licensing requirements.
  • Admins can update policies directly from the Microsoft Entra portal, avoid proxy header updates, and do not face partner number limitations.
  • Selective access for user groups across external tenants enhances security and operational flexibility compared to the broad allowances of v1.
  • Tenant Restrictions require proxy routing, with v2 enhancing the model by specifying tenant ID and policy ID in the header for Microsoft Entra ID enforcement.
  • To further fortify tenant restrictions, consider the Universal Tenant Restrictions, adding data layer protection and preventing token infiltration, ensuring more secure access to Microsoft 365 resources.

Tenant Restrictions in Microsoft Entra

Tenant restrictions play a crucial role in safeguarding corporate networks from unauthorized access and potential data exfiltration by managing user and application access across external tenants. The evolution from Tenant Restrictions v1 to v2 introduces significant improvements, offering admins enhanced control, flexibility, and ease of policy management directly from the Microsoft Entra portal. By eliminating the constraints of proxy header updates and partner number limitations, Tenant Restrictions v2 allows for a more finetuned security posture.

Tenant restrictions are essential to prevent data theft via unauthorized access to external Microsoft Entra ID tenants and consumer Microsoft accounts. Tenant restrictions v1 allowed for an allow list of tenant IDs and Microsoft sign-in endpoints, ensuring access to external tenants authorized by your organization. Compared to tenant restrictions v1, tenant restrictions v2 offers finer control and easier policy management without extra licensing demands.

  • Update the policy from the Microsoft Entra portal without needing to adjust each network proxy.
  • Remove size limitations on your maximum proxy header length, allowing unlimited partners with tenant restrictions v2.
  • Selectively manage which user groups can access specific apps in external tenants, offering more precise control than allowing entire tenant access for all identities.

Read the full article Upgrade your tenant restrictions to v2



People also ask

What is the difference between tenant restrictions v1 and V2?

Tenant restrictions version 1 (v1) focuses on safeguarding the authentication plane by enabling the configuration of an allowed tenant list through a company's proxy. Conversely, version 2 (v2) provides enhanced granularity in authentication and protection at both the authentication and data planes, offering flexibility in implementation with or without a corporate proxy.

What is Microsoft tenant restrictions?

Microsoft's tenant restrictions empower organizations to dictate which tenants their network users can access by maintaining a specified allowlist. Through Microsoft Entra ID, users are granted access solely to these allowed tenants, while access to all other tenants, including those where the users are guests, is restricted.

What is TRv2 in Microsoft?

Tenant Restrictions Version 2 (TRv2) represents an evolution from its predecessor, enabling administrators to manage permissions for accessing external tenants more precisely. This version allows control over the external tenants that users on organization-owned devices can access, including when they're utilizing identities issued outside the organization, provided the users are within the organizational network.

How do I change my tenant in Azure portal?

To switch tenants in the Azure portal, initiate the process by signing in and navigating to the Subscriptions page. Here, select a subscription and then click on "Change directory." After selecting the desired new Tenant, click "Change" to finalize the adjustments, being mindful of any warnings that may appear during this process.



Upgrade Tenant Restrictions V2, Tenant Restrictions Version 2, Implement Tenant Restrictions V2, Enhance Security Tenant Restrictions V2, Tenant Restriction Policy Upgrade, Advanced Tenant Restrictions Guide, Secure Multitenancy V2, Optimize Tenant Restrictions V2