Azure Active Directory Access Controls Designed to Prevent Data Leaks | eWeek

Microsoft Tightens Azure AD’s Access Controls for SaaS Apps

Feb 3, 2017

The Tenant Restrictions feature in Azure Active Directory is now generally available, allowing organizations to exert more control over their users’ interactions with software-as-a-service applications to prevent leaks of sensitive information.

Alex Simons, director of Program Management at Microsoft’s Identity Division, explained that Tenant Restrictions “enables organizations to control access based on the Azure AD tenant the applications use for single sign-on,” in a Jan. 31 blog.

In addition to serving as the cloud-based version of the software giant’s user identity management platform, Azure AD also can be used to provide single sign-on and access services for a variety of third-party SaaS apps, and, of course, Microsoft’s own Office 365 business software suite.

Essentially, the feature helps businesses ensure that their users can log in only to the organization’s own SaaS subscriptions. “For example, you can use Tenant Restrictions to allow access to your organization’s Office 365 applications, while preventing access to other organizations’ instances of these same applications,” continued Simons.

In the past, administrators blocked IP addresses or domains to restrict access to web applications, added Yossi Banai, a Microsoft Azure Active Directory program manager. However, the increased adoption of the public cloud and SaaS applications in enterprise environments, where all of a SaaS provider’s customers are pointed to the same shared domain name, has made this tactic impractical.

The potential for data leakage exists when users enjoy unfettered access to cloud applications, said Banai. “If users can access Office 365 with their corporate identity, they can also access these same services with other identities.”

Microsoft’s solution is to restrict access based on the Azure AD tenant that an organization uses to provide single sign-on services to its users, blocking access to unpermitted tenants. The solution requires an on-premises proxy server with Secure Sockets Layer inspection capabilities to insert a new header with a list of approved tenants. Setup instructions are available in this online support document.
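As an added illustration (not code from Microsoft or from this article), the Python sketch below models the rewrite such an inspecting proxy performs on a decrypted request. The header names and login host names are those given in Microsoft's Tenant Restrictions documentation, not in the article; the function name, tenant names and directory ID are constructed for the example.

```python
# Added example: models the header rewrite an SSL-inspecting proxy performs
# for Azure AD Tenant Restrictions. Tenant values are constructed placeholders.
LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.windows.net",
}
TENANTS_HEADER = "Restrict-Access-To-Tenants"
CONTEXT_HEADER = "Restrict-Access-Context"
_MANAGED = {TENANTS_HEADER.lower(), CONTEXT_HEADER.lower()}


def apply_tenant_restrictions(host, headers, permitted_tenants, directory_id):
    """Return the header list the proxy should forward upstream.

    host: value of the request's Host header (may include a port)
    headers: list of (name, value) pairs from the decrypted client request
    """
    if not permitted_tenants:
        raise ValueError("refusing to forward an empty tenant allow-list")
    # Drop client-supplied copies so a workstation cannot widen the list.
    cleaned = [(n, v) for n, v in headers if n.lower() not in _MANAGED]
    hostname = host.rsplit(":", 1)[0].rstrip(".").lower()
    if hostname not in LOGIN_HOSTS:
        return cleaned  # other sites never receive the policy headers
    cleaned.append((TENANTS_HEADER, ",".join(permitted_tenants)))
    cleaned.append((CONTEXT_HEADER, directory_id))
    return cleaned


if __name__ == "__main__":
    # Constructed request: the client tries to smuggle in its own allow-list.
    request = [
        ("Host", "login.microsoftonline.com"),
        ("restrict-access-to-tenants", "other-tenant.example"),
    ]
    forwarded = apply_tenant_restrictions(
        "login.microsoftonline.com:443",
        request,
        ["contoso.example", "partner.example"],
        "00000000-0000-0000-0000-000000000000",  # placeholder directory ID
    )
    for name, value in forwarded:
        print(f"{name}: {value}")
```

Because the header is only honoured when it reaches the login endpoint, traffic that bypasses the proxy or is exempted from SSL inspection is not covered by the restriction.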

The company also has rolled out several new features for Azure AD’s business-to-business (B2B) collaboration toolkit.

As its name suggests, Azure AD B2B encompasses a set of technologies and management capabilities that enables enterprises and their partner organizations to collaborate securely. “The goal of Azure AD B2B is to enable organizations of all sizes and industries—even those with complex compliance and governance requirements—to work easily and securely with collaborators around the world,” said Simons in a separate Feb. 1 announcement.

New features include self-service capabilities that allow workers to invite other B2B users to applications or groups they manage. Users also gain the ability to send invitations to any email address. A new custom branding feature lends a professional look to email invitations.

Other updates include multi-factor authentication on B2B guest accounts, new auditing and reporting options, along with PowerShell support. The full list is available in this support documentation.
