Today I am going to share how to turn on "Tenant Isolation" in the Power Platform Admin Center.
Let's get started.
What is Tenant Isolation?
Tenant Isolation lets Power Platform administrators ensure that connectors and Power Automate flows only make connections within their own tenant, minimizing the risk of data being exfiltrated to, or pulled in from, another tenant.
Tenant Isolation can be used to block external tenants from establishing connections into your tenant (inbound isolation) as well as to block your tenant from establishing connections to external tenants (outbound isolation).
Power Platform tenant isolation is different from Azure-wide tenant restrictions: it does not affect Azure AD based access outside of Power Platform.
Power Platform tenant isolation only works for connectors that use Azure AD based authentication, such as Office 365 Outlook or SharePoint. Connectors that authenticate with other credentials are not affected by it.
There are three types of tenant isolation:
1. Inbound
2. Outbound
3. Inbound and Outbound
With tenant isolation, Power Platform administrators can stop users from connecting to other tenants, choosing the direction of isolation that fits the use case.
For example:
Tenant GMR - UK
Tenant GMR - Europe
Users from Tenant GMR - UK can still connect to data sources in Tenant GMR - Europe, even though inbound and outbound isolation is imposed, because a bidirectional allowlist rule is configured on both tenants. Anyone from a tenant outside that allowlist is not able to connect because of the tenant isolation imposed.
How to configure Tenant Isolation?
Log in to the Power Platform Admin Center (PPAC).
Expand Policies, then click Tenant isolation.
Turn Tenant Isolation "ON", then click Save. From this point, all cross-tenant connections through Azure AD based connectors are blocked in both directions unless a tenant rule allows them.
New Tenant Rule: administrators add exceptions to the isolation by configuring tenant rules. Each rule names one external tenant and the direction in which connections to or from it are allowed.
Direction: either Inbound, Outbound, or Inbound and Outbound.
For example: INBOUND
I chose the direction "INBOUND", entered the Tenant Domain or ID of the external tenant, and clicked Save.
What is the effect of INBOUND isolation?
Inbound connections into your tenant from external tenants are blocked by Power Platform, even if the user presents valid credentials to the Azure AD secured data source. You can use tenant rules to add exceptions ("Allowlists") for specific external tenants.
OUTBOUND:
I chose the direction "OUTBOUND", entered the Tenant Domain or ID of the external tenant, and clicked Save.
What is the effect of OUTBOUND isolation?
Outbound connections from your tenant to external tenants are blocked by Power Platform, even if the user presents valid credentials to the external tenant's Azure AD secured data source. You can use tenant rules to add exceptions ("Allowlists") for specific external tenants.
Inbound and Outbound Isolation
Both inbound connections from external tenants into your tenant and outbound connections from your tenant to external tenants are blocked by Power Platform, even if the user presents valid credentials to the Azure AD secured data source. You can use tenant rules to add exceptions ("Allowlists") in either or both directions.
Allowlist: an allowlist entry lets users connect to a data source in a specific external tenant even though tenant isolation is imposed. Note that the rule is evaluated from your tenant's side; the other tenant must also permit the connection (or have no isolation of its own) for it to succeed.
Outbound Allowlist:
For example, Tenant A (your tenant) and Tenant B (an external tenant).
Allowlist - Tenant B, direction Outbound.
Users of Tenant A can now establish a connection to Tenant B data sources using Tenant B credentials, while connections from Tenant B into Tenant A remain blocked.
Similarly, a Bidirectional allowlist entry permits connections with that tenant in both directions.
Below is the configured tenant isolation rule:
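The same configuration can be scripted, which is useful when the rule has to be applied consistently across tenants (as in the GMR - UK / GMR - Europe example above) or kept under version control. The following is an added example and is not code from this post; it uses the Microsoft.PowerApps.Administration.PowerShell module. The tenant IDs are placeholders, and the property names on the policy object (properties.tenantIsolation.isDisabled, allowedTenants, direction.inbound / direction.outbound) are assumed from the module's documented policy shape, so check them against the output of Get-PowerAppTenantIsolationPolicy in your own tenant before writing anything back.

```powershell
# Added example: turn on Power Platform tenant isolation and add one bidirectional
# allowlist rule, using the Microsoft.PowerApps.Administration.PowerShell module.
# Tenant IDs are placeholders (assumption). Property names on the policy object are
# assumed from the module's documented policy shape; verify them in your tenant first.

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser -Force
Add-PowerAppsAccount   # interactive sign-in as a Power Platform administrator

$myTenantId      = '00000000-0000-0000-0000-000000000001'   # placeholder: GMR - UK
$partnerTenantId = '00000000-0000-0000-0000-000000000002'   # placeholder: GMR - Europe

# 1. Read the current policy (the same object PPAC > Policies > Tenant isolation edits)
$policy = Get-PowerAppTenantIsolationPolicy -TenantId $myTenantId
$policy.properties.tenantIsolation | ConvertTo-Json -Depth 5

# 2. Turn tenant isolation ON. With no allowed tenants this blocks both inbound and
#    outbound cross-tenant connections for Azure AD authenticated connectors.
$policy.properties.tenantIsolation.isDisabled = $false

# 3. Build one allowlist rule: bidirectional with the partner tenant.
#    direction.inbound  = $true  -> partner tenant users may connect INTO this tenant
#    direction.outbound = $true  -> this tenant's users may connect OUT to the partner
$rule = [pscustomobject]@{
    tenantId  = $partnerTenantId
    direction = [pscustomobject]@{ inbound = $true; outbound = $true }
}

# Drop any existing entry for the same tenant so the list does not accumulate duplicates,
# then append the new rule. @() keeps this working when allowedTenants is empty or null.
$existing = @($policy.properties.tenantIsolation.allowedTenants |
              Where-Object { $_.tenantId -ne $partnerTenantId })
$policy.properties.tenantIsolation.allowedTenants = $existing + $rule

# 4. Write the policy back
Set-PowerAppTenantIsolationPolicy -TenantId $myTenantId -TenantIsolationPolicy $policy

# 5. Verify the rules now in force. Remember the partner tenant must allow this tenant
#    in the opposite direction (or have no isolation) for connections to succeed.
(Get-PowerAppTenantIsolationPolicy -TenantId $myTenantId).properties.tenantIsolation.allowedTenants |
    Format-Table tenantId,
                 @{ n = 'inbound';  e = { $_.direction.inbound } },
                 @{ n = 'outbound'; e = { $_.direction.outbound } }

# 6. Report which existing connections are affected by the policy
Get-PowerAppTenantIsolationStatus -TenantId $myTenantId
```

Run the read-only steps (1, 5 and 6) on their own first; the Get- cmdlets change nothing, so you can confirm the object shape and see which existing connections would be blocked before applying the Set- call. For the GMR example, the mirror-image script (with the two tenant IDs swapped) has to be run by an administrator of the other tenant, otherwise only one side of the bidirectional allowlist exists.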
For more information on Tenant Isolation, click here.
I hope this helps
Malla Reddy(@UK365GUY)
#365BlogPostsin365Days