Hi @M C · Thank you for reaching out.
The value of Restrict-Access-Context or Restrict-Access-To-Tenants can be either tenant/directory ID like "456ff232-35l2-5h23-b3b3-3236w0826f3d" (including location of dashes) as you have mentioned or tenant/directory name like tenant_name.onmicrosoft.com. You can specify multiple tenants by using ID or name separated by a comma.
I have tested setting the value of Restrict-Access-To-Tenants = tenant1.onmicrosoft.com,tenant2.onmicrosoft.com and it works perfectly fine. I am only restricted to tenant1 and tenant2, and cannot access tenant3 as expected.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.