![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 23%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
25,222 questions
Hi @아롬 황 • Thank you for reaching out.
Yes, this can be achieved by using Tenant Restriction. To apply tenant restrictions, you must configure your proxy to insert the Restrict-Access-To-Tenants header containing the list of permitted tenants into traffic destined for Azure AD. If the Restrict-Access-To-Tenants: <permitted tenant list> header is present, Azure AD only issues security tokens for the permitted tenants. If the users behind the proxy try to access any other tenant that is not in the list of permitted tenants within the Restrict-Access-To-Tenants header, they will get below error:
Below is a high level diagram of how it works:
To test it out, you can use Fiddler for a host-based approach.
Read more: Restrict access to a tenant
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.