Secure Access Help Center

Use Tenant Controls in Access Rules

To use tenant controls in internet-access rules:

  • Add tenant control profiles for the applications that require such controls.
  • Decryption must be enabled for the rule. Make sure it is enabled in the web profile selected in the rule.
  • The option to select a tenant control profile appears in the Security Controls section of the rule (after you choose destinations and then click Next.)
  • If you enable Microsoft 365 Compatibility in Global Settings:
    Microsoft 365 Compatibility is compatible with Tenant Controls. However, when Tenant Controls are configured for Microsoft 365, Secure Access decrypts three Microsoft login domains (login.microsoftonline.com, login.microsoft.com, and login.windows.net) for the purpose of tenant enforcement. The domain is detected by analyzing the SNI (Server Name Indication) TLS extension. Some applications may not send SNI information in which case the exclusion does not apply.
    For more information about Microsoft 365 Compatibility, see Global Settings for Access Rules.

Control Cloud Access to Dropbox < Use Tenant Controls in Access Rules > Review Tenant Controls

Updated 5 months ago