MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Should tenant restrictions also include the host name login.microsoftonline-p.com #114494

Closed loaderladdy-work closed 1 year ago

loaderladdy-work commented 1 year ago

Power Platform documentation found here https://learn.microsoft.com/en-us/power-platform/admin/online-requirements references

login.microsoftonline-p.com

Should this host name also be part of the names used for Tenant Restrictions?

Pete



ManoharLakkoju-MSFT commented 1 year ago

@loaderladdy-work Thanks for your feedback! We will investigate and update as appropriate.

loaderladdy-work commented 1 year ago

I noticed reference to this in the Power Platform's Microsoft Learn pages, but while the host looks like it should be included in Tenant Restrictions there is no other Microsoft documentation to support this.

ManoharLakkoju-MSFT commented 1 year ago

Hi @loaderladdy-work No, login.microsoftonline-p.com is not a host name that needs to be included in Tenant Restrictions. Tenant Restrictions is a feature that allows you to restrict access to SaaS applications based on the tenant that the user belongs to. To use Tenant Restrictions, your clients must be able to connect to the following Azure AD URLs to authenticate:

Additionally, to access Office 365, your clients must also be able to connect to the fully qualified domain names (FQDNs), URLs, and IP addresses defined in Office 365 URLs and IP address ranges. While login.microsoftonline-p.com is a valid Azure AD authentication endpoint, it is not a host name that is required for Tenant Restrictions. If you have any further questions or concerns, please let me know.

loaderladdy-work commented 1 year ago

@ManoharLakkoju-MSFT thank you for the explanation which I appreciate, thank you.

A further clarification from me around users with identities that are Azure AD tenant based. Does tenant restrictions not just apply to Office 365, but also extend to other Microsoft SaaS products? For instance, I believe that tenant restrictions also applies to Microsoft Power Platform and Microsoft Dynamics Platform. So Tenant Restrictions is an apply once and works on all Microsoft cloud products. If this is not the case, can you please clarify for me? Thank you.

ManoharLakkoju-MSFT commented 1 year ago

@loaderladdy-work Yes, you are correct. Tenant Restrictions is not limited to Office 365, but it also applies to other Microsoft SaaS products, including Microsoft Power Platform and Microsoft Dynamics Platform. Tenant Restrictions is a feature of Azure AD, which is a cloud-based identity and access management service provided by Microsoft. Therefore, it can be used to control access to any SaaS application that uses Azure AD for single sign-on.

When you configure Tenant Restrictions, you specify the list of tenants that users on your network are permitted to access. Azure AD then only grants access to these permitted tenants - all other tenants are blocked, even ones that your users may be guests in. This means that Tenant Restrictions can be applied once and work on all Microsoft cloud products that use Azure AD for single sign-on.

I hope this clarifies your question. If you have any further questions or need more information, please let me know.
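One way to check that the permitted-tenant list described above actually reaches Azure AD is to audit what the egress proxy forwarded; this is an added example, not code from the thread or from Microsoft. The three sign-in hosts and the two header names are taken from Microsoft's tenant restrictions documentation rather than from this thread, and the record layout, tenant names and directory ID are constructed.

```python
from urllib.parse import urlsplit

# Assumption: these hosts and header names are the ones Microsoft's tenant
# restrictions documentation gives for proxy header insertion; the thread does
# not list them. login.microsoftonline-p.com is left out, as the reply states.
TR_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}
TENANTS_HDR = "restrict-access-to-tenants"
CONTEXT_HDR = "restrict-access-context"

def audit(records, permitted, context_id):
    """Return (url, problem) pairs for sign-in requests with wrong or missing headers."""
    permitted = {t.lower() for t in permitted}
    findings = []
    for rec in records:
        host = (urlsplit(rec["url"]).hostname or "").lower()
        if host not in TR_HOSTS:          # exact match: look-alike hosts are out of scope
            continue
        hdrs = {k.lower(): v for k, v in rec["headers"].items()}
        sent = {t.strip().lower() for t in hdrs.get(TENANTS_HDR, "").split(",") if t.strip()}
        if not sent:
            findings.append((rec["url"], "no permitted-tenant list"))
        elif sent - permitted:
            findings.append((rec["url"], "unexpected tenant: " + ", ".join(sorted(sent - permitted))))
        if hdrs.get(CONTEXT_HDR, "").strip().lower() != context_id.lower():
            findings.append((rec["url"], "context header missing or wrong"))
    return findings

# Constructed sample data: tenant names, directory ID and record layout are made up.
CONTEXT = "00000000-0000-0000-0000-000000000000"
PERMITTED = ["contoso.onmicrosoft.com"]
GOOD = {"Restrict-Access-To-Tenants": "contoso.onmicrosoft.com", "Restrict-Access-Context": CONTEXT}
SAMPLE = [
    {"url": "https://login.microsoftonline.com/common/oauth2/authorize", "headers": GOOD},
    {"url": "https://login.windows.net/common/oauth2/authorize", "headers": {}},
    {"url": "https://login.microsoft.com/common/oauth2/authorize",
     "headers": {**GOOD, "Restrict-Access-To-Tenants": "contoso.onmicrosoft.com, fabrikam.onmicrosoft.com"}},
    {"url": "https://login.microsoftonline-p.com/", "headers": {}},
]

if __name__ == "__main__":
    for url, problem in audit(SAMPLE, PERMITTED, CONTEXT):
        print(f"{problem}: {url}")
```
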

ManoharLakkoju-MSFT commented 1 year ago

@loaderladdy-work We are going to close this thread as resolved, but if there are any further questions regarding the documentation, please tag me in your reply and we will be happy to continue the conversation.

loaderladdy-work commented 1 year ago

@ManoharLakkoju-MSFT thanks again for your further clarification. My last question, if you don't mind, to clear up a loose end I have: what do calls to login.microsoftonline-p.com do if they are outside of the scope of Tenant Restrictions?

And, would it be useful to explain this in the Tenant Restrictions documentation?

ManoharLakkoju-MSFT commented 1 year ago

@loaderladdy-work I'd recommend working closer with our support team via an [Azure support request](https://docs.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request). Or you can leverage our Q&A forum by posting your issue there so our community and MVPs can further assist you in troubleshooting this issue or finding potential workarounds.

[Teams Q&A forum](https://docs.microsoft.com/en-us/answers/topics/46488/office-teams-windows-itpro.html) for technical questions about the configuration and administration of Microsoft Teams on Windows.

[Microsoft Teams Community forum](https://answers.microsoft.com/en-us/msteams/forum?sort=LastReplyDate&dir=Desc&tab=All&status=all&mod=&modAge=&advFil=&postedAfter=&postedBefore=&threadType=All&isFilterExpanded=false&page=1)

Thank you for your time and patience throughout this issue.