ASD's Blueprint for Secure Cloud

Cross-tenant access settings

This page describes the configuration of cross-tenant access settings within Microsoft Entra ID associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Default settings

Inbound access settings

TypeApplies toStatus
B2B collaborationExternal users and groupsAll allowed
B2B collaborationApplicationsAll allowed
B2B direct connectExternal users and groupsAll blocked
B2B direct connectApplicationsAll blocked
Trusted settingsN/ADisabled

Outbound access settings

TypeApplies toStatus
B2B collaborationUsers and groupsAll allowed
B2B collaborationExternal applicationsAll allowed
B2B direct connectUsers and groupsAll blocked
B2B direct connectExternal applicationsAll blocked

Tenant restrictions (Preview)

Applies toStatus
External users and groupsAll blocked
External applicationsAll blocked

Default settings

Tenant restrictions (Preview)

Applies toStatus
Microsoft Azure GovernmentNot set
Microsoft Azure China (operated by 21Vianet)Not set

Security & Governance



  • None identified


Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra