Microsoft Power Platform tenant isolation support along with the ability to specify allow list of tenants


Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned

Enabled for Public preview General availability
Admins, makers, marketers, or analysts, automatically Apr 2021 -

Business value

Admins can manage data exfiltration or infiltration risks for Azure AD based connectors in their tenant by turning on tenant isolation for Microsoft Power Platform connections. This would disallow connections from your tenant to external tenants and also block other tenants to establish Microsoft Power Platform connections to your tenant. For legitimate business use cases where such cross-tenant connections are required to be enabled through Microsoft Power Platform, admins can specify an explicit allow list of tenants along with specifying the direction of allowing cross-tenant connections (inbound from external tenant, outbound from your tenant, or both).

Feature details

Enable/disable tenant isolation using self-serve capability through the Power Platform admin center: When tenant isolation is turned on, all Azure AD based connectors can no longer be used to create cross-tenant connections from/to your tenant. Previously, customers had to create a support ticket to enable tenant isolation. Now, we're allowing you to manage your tenant’s tenant isolation settings directly through the Power Platform admin center.

Choose an allowed list of tenants that are exempt from tenant isolation: This is a new capability within tenant isolation to allow legitimate business scenarios to continue connecting to explicitly identified tenants, even as everything else is disallowed. Wildcard * also is supported if all tenants need to be enabled in an inbound or outbound direction instead of identifying specific tenants.