Preberi v angleščini Uredi

Deli z drugimi prek

Policy CSP - TenantRestrictions

  • Članek

Nasvet

This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ConfigureTenantRestrictions

Scope Editions Applicable OS
✅ Device
❌ User		 ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC		 ✅ [10.0.20348.320] and later
✅ Windows 10, version 2004 with KB5006738 [10.0.19041.1320] and later
✅ Windows 10, version 20H2 with KB5006738 [10.0.19042.1320] and later
✅ Windows 10, version 21H1 with KB5006738 [10.0.19043.1320] and later
✅ Windows 10, version 21H2 [10.0.19044] and later
✅ Windows 11, version 21H2 [10.0.22000] and later
Device 
./Device/Vendor/MSFT/Policy/Config/TenantRestrictions/ConfigureTenantRestrictions

This setting enables and configures the device-based tenant restrictions feature for Microsoft Entra ID.

When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Microsoft Entra tenant.

Opomba

Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Microsoft Entra tenant Restrictions for more details.

https://go.microsoft.com/fwlink/?linkid=2148762

Before enabling firewall protection, ensure that an App Control for Business policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding App Control for Business policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information.

For details about setting up App Control with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Nasvet

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name trv2_payload
Friendly Name Cloud Policy Details
Location Computer Configuration
Path Windows Components > Tenant Restrictions
Registry Key Name SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload
ADMX File Name TenantRestrictions.admx

Policy configuration service provider