Policy
Cloud Policy Details
This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory. When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Azure AD tenant.

Note: Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Azure AD Tenant Restrictions for more details: https://go.microsoft.com/fwlink/?linkid=2148762

Before enabling firewall protection, ensure that an App Control for Business policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding App Control for Business policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information. For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230
602ce7dc9b8f trv2_payload

Registry
HKLM\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload\cloudid
HKLM\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload\tenantid
HKLM\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload\policyid
HKLM\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload\hostnames
HKLM\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload\subdomainSupportedHostnames
HKLM\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload\ipRanges
HKLM\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload\enforceFirewall