As Microsoft 365 continues to evolve, security remains a top priority for organizations of all sizes. The introduction of Tenant Restrictions v2 (TRv2) is set to significantly enhance security by limiting user access when using external accounts to sign in from your networks or devices. This feature is a part of the cross-tenant access settings and will soon be rolled out to the Microsoft 365 admin center, offering a new layer of protection against data exfiltration and unauthorized access.
What’s New with Tenant Restrictions v2?
Starting in mid-November to late December 2024, Microsoft will begin rolling out Tenant Restrictions v2 (TRv2) in the Microsoft 365 admin center. Once this feature is available, tenant admins will be able to restrict what external accounts can access, making it much harder for unauthorized users to breach systems or exfiltrate data.
This rollout is part of cross-tenant access settings and will be off by default. However, admins can choose to enable it to control and protect what external users can access when signing in from your network or devices. Importantly, no admin action is required before the feature is rolled out, but you may want to review the settings and notify your admin team once it’s live.
How Tenant Restrictions v2 Works
The primary benefit of Tenant Restrictions v2 is data plane protection for the Microsoft 365 admin center, complementing the authentication plane protection offered by Microsoft Entra ID. By leveraging cross-tenant access settings, Tenant Restrictions v2 helps organizations:
- Prevent data exfiltration: It makes it more difficult for foreign identities to access and extract sensitive data.
- Control external access: Admins can restrict which external accounts (Microsoft Entra ID, Microsoft Account, etc.) can access certain resources.
When enabled, TRv2 sends special signals to Microsoft Entra ID and other Microsoft resources to control external access, ensuring that only authorized users can sign in and access critical systems.
How Tenant Restrictions v2 Enhances Security for Your Organization
Before the rollout of TRv2, Microsoft 365 admins didn’t have the option to limit what external users could access when signing in from a network or device. However, with TRv2, the feature will be available to address the growing concerns around cross-company data exchange and security risks.
- Before the rollout: No restrictions are in place to limit what external users can access through the Microsoft 365 admin center.
- After the rollout: TRv2 settings will be available to restrict external access, ensuring only authorized users can access sensitive data or resources.
Key benefit: TRv2 helps reduce the risk of unauthorized access to your organization’s data when external accounts are used to sign in from your network or devices.
Preparing for Tenant Restrictions v2: Steps to Take
The good news for Microsoft 365 admins is that this rollout will happen automatically between mid-November and late December 2024, so there’s no immediate action required. However, to take full advantage of Tenant Restrictions v2, you can do the following:
- Review your current configuration: Check your existing cross-tenant access settings to understand how the new feature might impact your organization’s security.
- Enable Tenant Restrictions v2: After the feature is live, enable TRv2 to limit external access according to your organization’s security policies.
- Notify your team: Inform your admins and relevant stakeholders about the upcoming feature and its benefits for security.
- Update documentation: If needed, revise your internal documentation to reflect the new settings and any changes to the admin process.
Configuring Tenant Restrictions in Microsoft 365
To take advantage of TRv2, you’ll need to create a cross-tenant access setting in the Microsoft 365 admin center. This process will allow you to define the scope of access and configure tenant restrictions to best suit your organization’s security needs.
For detailed guidance on configuring tenant restrictions, you can visit Microsoft Learn: Configure tenant restrictions – Microsoft Entra ID
Final Thoughts
As the security landscape continues to evolve, features like Tenant Restrictions v2 will play a crucial role in protecting your organization’s sensitive data. By implementing these settings, you can ensure that only authorized users have access to your Microsoft 365 resources, even when external accounts are involved. Stay proactive, review your settings, and get ready to take advantage of this important security enhancement as it rolls out later this year.
By being aware of these changes and understanding how to implement them, Microsoft 365 admins can better safeguard their organizations against potential threats. If you have any questions or need assistance with configuring Tenant Restrictions v2, feel free to reach out or check the detailed resources from Microsoft.
