Setting up custom headers for Microsoft 365

Before you begin

You can use a tenant restriction in Azure Active Directory (AD) to control application access based on the Azure AD tenant that’s used for single sign-on (SSO). For more information on tenant restrictions, see Use tenant restrictions to manage access to SaaS cloud applications in the Microsoft Azure documentation.

This procedure describes how to create a custom header in ETP to block users from accessing Microsoft 365 apps with personal accounts.

How to

  1. In the navigation menu, select Configuration > Policies.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Policies > Policies.
  2. To edit a policy, click the name of the policy that you want to edit.
    If you are creating a policy, see Create a policy.
  3. Click the Custom Header tab, and click the plus sign icon.
  4. In the domain field, enter:
    • login.microsoftonline.com
    • login.microsoft.com
    • login.windows.net
  5. In the Header Name field, enter:
    Restrict-Access-To-Tenants
  6. In the Header Value field, enter the domains that are registered with your tenant. These are the domains that are specific to your organization’s account.
  7. Click the plus sign icon to add another header.
  8. Repeat step 4.
  9. In the Header Name field, enter:
    Restrict-Access-Context
  10. In the Header Value field, enter the directory ID that is associated with your organization’s AD.
    Note: You can find this ID in the Azure Active Directory portal. Log in as an administrator and from the navigation menu, select Azure Active Directory and then click Properties.
  11. Click Save.
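
A pre-flight check for the values entered in steps 4 through 10, as an added example that is not part of ETP or its documentation. The record layout, the helper names and the sample tenant values are constructed, and the comma-separated tenant list (which may also contain directory IDs) is an assumption based on Microsoft's tenant restrictions documentation.

```python
import re
import uuid

# Hostnames and header names come from the procedure above.
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}
TENANTS_HEADER = "Restrict-Access-To-Tenants"
CONTEXT_HEADER = "Restrict-Access-Context"
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def is_directory_id(value):
    """True when value is a GUID in canonical hyphenated form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def build(tenants, context, hosts=LOGIN_HOSTS):
    """Hypothetical record layout: one dict per (domain, header) pair."""
    pairs = ((TENANTS_HEADER, tenants), (CONTEXT_HEADER, context))
    return [{"domain": h, "name": n, "value": v} for h in sorted(hosts) for n, v in pairs]


def check_policy(entries):
    """Return a list of problems found in the planned header entries."""
    problems = []
    for header in (TENANTS_HEADER, CONTEXT_HEADER):
        rows = [e for e in entries if e["name"].strip().lower() == header.lower()]
        covered = {e["domain"].strip().lower() for e in rows}
        for host in sorted(LOGIN_HOSTS - covered):
            problems.append(f"{header} is not set for {host}")
        for e in rows:
            if header == CONTEXT_HEADER:
                # The context header carries exactly one directory ID.
                if not is_directory_id(e["value"]):
                    problems.append(f"{header} on {e['domain']}: expected one directory ID")
                continue
            # Assumption: tenant list is comma-separated domains or directory IDs.
            tenants = [t.strip().lower() for t in e["value"].split(",")]
            bad = [t for t in tenants if not (DOMAIN_RE.match(t) or is_directory_id(t))]
            if bad:
                problems.append(f"{header} on {e['domain']}: invalid tenant entries {bad}")
    return problems


# Constructed sample values, not real tenant data.
SAMPLE = build("contoso.com, contoso.onmicrosoft.com", "11111111-2222-3333-4444-555555555555")
if __name__ == "__main__":
    print(check_policy(SAMPLE) or "policy entries look consistent")
```

An empty result means both headers are defined for all three sign-in hosts with well-formed values; it does not confirm that the values belong to your tenant.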

Next steps

Deploy the policy to the ETP network. For instructions, see Deploy configuration changes.