Really hard to get answers to this question, and it's one that different people have opposite views on:

Will Tenant Restrictions on our Proxy server block one of my Users from accessing someone else's Tenant - even if they set them up as a Guest User in their AAD?

Background: I have Microsoft Tenant-Restrictions in place, which basically is where the Proxy server inspects the header of all outgoing requests to access Microsoft's public cloud. It looks at what Tenant name the request is trying to access, and checks a config file (or whitelist) to verify that that Tenant is approved. If it's not, they are blocked.

This is in place by design.

Problem: I'm finding that more and more partners of ours are setting up my Users in their Azure Active Directory and giving them access to their resources, as part of their B2B collaboration. This also is by design. However as per above, the Tenant-Restrictions we have in place block this.

It's been suggested to me that if the User is set up as a Guest in their AAD, this will not be impacted by the Tenant-Restrictions, and that User will be able to access their Tenant.

However I'm not sure that I agree.

As the User is set up as a Guest in someone else's AAD (which obviously resides in their Tenant), that User will be blocked during authentication as the IDP is their AAD - not mine.

My basic testing supports my view. However I'm still having debates with people about this. Unfortunately I'm not in a position to test this in detail in my work environment.

So, do Guest accounts bypass Tenant Restrictions?

Thanks!

1 Answer

Yes, any user on your network, accessing through your proxy, will have tenant restrictions applied, regardless of whether they are using an AAD account from your tenant or a guest one.

Sam Cogan
  • Thanks @Sam Cogan, appreciate your reply. So...regardless of whether they set up a new User in their AAD (joebloe@theirtenant.com), or create and invite a Guest User (joebloe@mytenant.com) - it doesn't matter as the IDP is their AAD regardless (which resides in their Tenant) - therefore Tenant-Restrictions will still block them? – Christian Barrett Nov 04 '20 at 23:31
  • This is not an answer, it should be a comment. However, yes they will still be blocked. – Sam Cogan Nov 08 '20 at 18:24
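
The behaviour discussed in this thread, as an added example that is not part of the original question or answer: a simplified Python model of Tenant Restrictions showing that the decision depends on the tenant being signed in to, not on the user's home tenant. The header names and login hosts are taken from Microsoft's Tenant Restrictions documentation rather than from this page; `sign_in_allowed` is an assumed stand-in for the check the identity platform performs, and the directory ID is a placeholder.

```python
# Added illustration: simplified model of Tenant Restrictions at an inspecting proxy.
# Tenant names are the ones used in the thread; CONTEXT_ID is a placeholder.
LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.windows.net"}
CONTEXT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder directory ID


def inject_headers(host, headers, permitted_tenants, context_id=CONTEXT_ID):
    """Return the request headers as the proxy would forward them."""
    out = dict(headers)
    if host.lower() in LOGIN_HOSTS:
        # This example overwrites client-supplied values so the list cannot be widened.
        out["Restrict-Access-To-Tenants"] = ",".join(permitted_tenants)
        out["Restrict-Access-Context"] = context_id
    return out


def sign_in_allowed(forwarded_headers, resource_tenant):
    """Assumed model of the service-side check: is the tenant being accessed
    on the permitted list? The user's home tenant is never consulted."""
    raw = forwarded_headers.get("Restrict-Access-To-Tenants")
    if raw is None:
        return True  # request did not pass through the restricting proxy
    permitted = {t.strip().lower() for t in raw.split(",") if t.strip()}
    return resource_tenant.lower() in permitted


def evaluate(user_upn, target_tenant, permitted_tenants):
    """Return (home_tenant, allowed) for a sign-in attempt made through the proxy."""
    home_tenant = user_upn.split("@", 1)[1].lower()
    fwd = inject_headers("login.microsoftonline.com", {}, permitted_tenants)
    return home_tenant, sign_in_allowed(fwd, target_tenant)


if __name__ == "__main__":
    cases = [
        ("joebloe@mytenant.com", "mytenant.com", ["mytenant.com"]),       # own tenant
        ("joebloe@mytenant.com", "theirtenant.com", ["mytenant.com"]),    # guest in partner tenant
        ("joebloe@theirtenant.com", "theirtenant.com", ["mytenant.com"]), # native partner account
        ("joebloe@mytenant.com", "theirtenant.com",
         ["mytenant.com", "theirtenant.com"]),                            # partner tenant permitted
    ]
    for upn, target, permitted in cases:
        home, ok = evaluate(upn, target, permitted)
        print(f"{upn} -> {target} (home {home}): {'allowed' if ok else 'blocked'}")
```

In this model the guest and the native partner account are blocked identically, and the B2B sign-in succeeds only once the partner tenant is added to the permitted list the proxy sends.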