HEX
Server: Apache
System: Windows NT MAGNETO-ARM 10.0 build 22000 (Windows 10) AMD64
User: Michel (0)
PHP: 7.4.7
Disabled: NONE
$ pwd: C:/Windows/PolicyDefinitions/en-US/
Upload Files
File: C:/Windows/PolicyDefinitions/en-US/TenantRestrictions.adml
<?xml version="1.0" encoding="utf-8"?>
<policyDefinitionResources revision="1.0" schemaVersion="1.0">
  <displayName>Tenant Restriction Policies</displayName>
  <description>Prototype policies for Tenant Restrictions v2</description>
  <resources>
    <stringTable>
      <string id="TenantRestrictions">Tenant Restrictions</string>
      <string id="trv2_payload">Cloud Policy Details</string>
      <string id="trv2_payload_EXPLAIN">This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory.

When you enable this setting, compliant applications will be prevented from accessing disallowed tenants, according to a policy set in your Azure AD tenant.

Note: Creation of a policy in your home tenant is required, and additional security measures for managed devices are recommended for best protection. Refer to Azure AD Tenant Restrictions for more details.

https://go.microsoft.com/fwlink/?linkid=2148762

Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting is not supported on all versions of Windows - see the following link for more information. 
For details about setting up WDAC with tenant restrictions, see https://go.microsoft.com/fwlink/?linkid=2155230</string>
    </stringTable>
    <presentationTable>
      <presentation id="trv2_payload">
        <textBox refId="PayloadCloudId"><label>Cloud ID (optional):</label></textBox>
        <textBox refId="PayloadTenantId"><label>Azure AD Directory ID:</label></textBox>
        <textBox refId="PayloadPolicyId"><label>Policy GUID:</label></textBox>
        <checkBox refId="EnforceFirewall">Enable firewall protection of Microsoft endpoints</checkBox>
        <multiTextBox refId="PayloadHostnamesId">Hostnames (optional):</multiTextBox>
        <multiTextBox refId="PayloadSubdomainSupportedHostnamesId">Subdomain Supported Hostnames (optional):</multiTextBox>
        <multiTextBox refId="PayloadIpRangesId">IP Ranges (optional):</multiTextBox>
      </presentation>
    </presentationTable>
  </resources>
</policyDefinitionResources>
@ Telegram