(107) Microsoft Entra - Tenant Restrictions
- Mr B SOE way
- Mar 7, 2024
A while back, Microsoft released information about tenant restrictions. More information can be found here: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/tenant-restrictions
As part of a recent project, the customer was using both Microsoft Edge and Google Chrome. The easiest option would have been to kill Google Chrome, but unfortunately that wasn't an option, as we needed to block the following from loading once Google Chrome launches: login.microsoftonline.com, login.microsoft.com, and login.windows.net.
Microsoft had provided us with a resolution for tenant restrictions that is doable via WDAC; I cover it step by step in another post on WDAC.
What was attempted:
Navigate to https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesWindowsMenu/~/configProfiles then select Create then New Policy then select Administrative Templates.
In the search field, search for Cloud Policy Details.
Select Enabled
Enter the Azure AD Directory ID, which is from Entra ID
Enter the Policy GUID, which is from WDAC
Tick "Enable firewall protection of Microsoft Endpoints"
Solution:
Navigate to https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesWindowsMenu/~/configProfiles then select Create then New Policy then select Settings Catalog.
Search for Block access to a list of URLs (Device), then enter the following:
Set 'Block access to a list of URLs' to Enabled
The end result is this when launching Google Chrome.
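To confirm on a managed device that the Settings Catalog profile above actually reached Chrome, the following PowerShell check is an added example, not part of the original post. It assumes the setting is delivered as Chrome's URLBlocklist policy under HKLM:\SOFTWARE\Policies\Google\Chrome and uses a simplified reading of Chrome's URL filter format; the function names are hypothetical.

```powershell
# Added example, not from the original post. Assumption: the Intune setting lands as
# Chrome's URLBlocklist policy under this key, one URL pattern per numbered value.
$ChromePolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$RequiredHosts   = 'login.microsoftonline.com', 'login.microsoft.com', 'login.windows.net'

function Get-ChromeUrlPolicy {
    param([string]$Name)
    $path = Join-Path $ChromePolicyKey $Name
    if (-not (Test-Path -Path $path)) { return @() }
    $key = Get-Item -Path $path
    return @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
}

function Test-PatternCoversHost {
    # Simplified reading of Chrome's filter format: [scheme://][.]host[:port][/path]
    param([string]$Pattern, [string]$HostName)
    $p = $Pattern.Trim().ToLowerInvariant()
    if ($p -eq '*') { return $true }
    if ($p -match '^([a-z*]+)://(.*)$') {
        # An entry limited to another scheme does not cover HTTPS sign-in pages
        if ($Matches[1] -notin 'https', '*') { return $false }
        $p = $Matches[2]
    }
    if ($p -notmatch '^(?<host>[^/?:]+)(:(?<port>\d+|\*))?(?<rest>[/?].*)?$') { return $false }
    # Entries scoped to another port or to a path block only part of the host
    if ($Matches['port'] -and $Matches['port'] -notin '443', '*') { return $false }
    if ($Matches['rest'] -and $Matches['rest'] -ne '/') { return $false }
    $h = $Matches['host']
    # A leading dot means "this exact host only"; otherwise subdomains match too
    if ($h.StartsWith('.')) { return $h.Substring(1) -eq $HostName }
    return ($HostName -eq $h) -or $HostName.EndsWith(".$h")
}

$blocklist = @(Get-ChromeUrlPolicy -Name 'URLBlocklist')
$report = foreach ($name in $RequiredHosts) {
    $hits = @($blocklist | Where-Object { Test-PatternCoversHost -Pattern $_ -HostName $name })
    [pscustomobject]@{ Host = $name; Blocked = [bool]$hits.Count; MatchedBy = $hits -join ', ' }
}
$report | Format-Table -AutoSize
$gaps = @($report | Where-Object { -not $_.Blocked })
if ($gaps.Count) { Write-Warning "Not covered by URLBlocklist: $($gaps.Host -join ', ')" }
```

Run it on an enrolled device after a policy sync. Chrome's URLAllowlist policy creates exceptions to the blocklist, so review that key as well if one of the hosts still loads.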