Control Cloud Access to Microsoft 365

Use a tenant-control profile to manage access to the cloud-based application Microsoft 365. Once added, you can select the profile in an internet-access rule.


Microsoft 365 requires the following data to configure tenant controls for access to the cloud-based application:

  • Tenant Domain
  • Tenant Directory ID

For more information about this data and how to acquire it, see Azure Active Directory documentation.

The Microsoft 365 Compatibility feature exempts Microsoft 365 traffic from inspection and policy enforcement, allowing it to pass through Secure Access unaltered. When you configure tenant controls for Microsoft 365, Secure Access decrypts these Microsoft login domains (,, and for the purpose of tenant enforcement.

For more information, see the official Microsoft documentation and Microsoft 365 Compatibility.
Note: Microsoft 365 tenant restrictions do not block personal or consumer accounts, such as Hotmail or Outlook.


  1. Navigate to Resources > Internet and SaaS Resources.
  2. Select Tenant Controls.
  3. Click Add or expand the default Global Tenant Controls profile.
    Note: Tenant controls is enabled by default for a rule. A rule uses the default global tenant controls profile if no other tenant controls profile is configured for that rule.
  1. Give your configuration a descriptive Profile Name and select Microsoft 365.
  1. To grant access to Microsoft 365 from within your organization:
    a. Add your organization's Microsoft 365 Tenant Domain and click Add.
    Note: You can add multiple Tenant Domains.
    b. Optionally, add your organization's Tenant Directory ID for Microsoft 365.
    This ID is used to track Office 365 access in Azure Reports.
    Note: For more information about how to acquire the Tenant Directory ID, see Microsoft's documentation or contact Microsoft Support.
  1. Optionally, click the toggle to Block Personal Microsoft 365 accounts.
  1. Click Save.
    Result: The new Tenant Controls profile is now available for selection when you add an internet access rule. For rule requirements specific to tenant controls, see Use Tenant Controls in Access Rules.

Add a Tenant Controls Profile < Control Cloud Access to Microsoft 365 > Control Cloud Access to Google G Suite