Summary
How to restrict Office 365 to only work with the tenants you specify, for example, smoothwall.com.
Problem
You want to limit your users to only accessing your company or student Office 365 account and prevent them from accessing their personal accounts.
Solution
Note: The solution shown below requires HTTPS interception to be setup and working on the Guardian web filter see our help topic, Managing HTTPS inspection policies.
- Navigate to Guardian > Content modifications > Content modifications and create the following two content modifications with the following settings;
* Note, if the above link does not exist, instead navigate to Guardian > Content modifications > Policy Wizard, expand the 'Action' section, and select the 'new content modification' link.
Name: Office 365 Tenant Restriction
Request headers to override: Restrict-Access-To-Tenants: <domain>
* Replace <domain> with your domain or directory ID
* Multiple domains or IDs can be specified by separating them with a comma
Name: Microsoft Personal Account Restriction
Request headers to override: sec-Restrict-Tenant-Access-Policy: restrict-msa - Navigate to Guardian > Policy Objects > Categories and create a custom category with the name "Microsoft Live". Under the Domain/URL filtering section add the following;
login.live.com - Finally, navigate to Guardian > Content modifications > Manage policies and create the following two policies
Who: Everyone *
What: Microsoft Office 365
Where: Everywhere *
Action: Apply Office 365 Tenant Restriction
Who: Everyone*
What: Microsoft Live
Where: Everywhere*
Action: Apply Microsoft Personal Account Restriction
* Change as required
For more detailed information on how this works please visit Microsoft's help site page: Use Tenant Restrictions to manage access to SaaS cloud applications