ASD's Blueprint for Secure Cloud

Web Filtering

This section describes the design decisions associated with managing endpoint security for system(s) built using ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Microsoft 365 and other enterprise software-as-a-service (SaaS) applications that use Microsoft Entra ID as their identity provider all share URLs with common domain names such as outlook.office.com and login.microsoftonline.com. Blocking these internet addresses to prevent users from accessing other third-party Microsoft 365 tenancies and services would also prevent users from accessing the organisation Microsoft 365 tenancy. With Microsoft Entra ID tenant restrictions, organisations with a supported web filtering system (proxy) can specify the list of approved Microsoft Entra ID tenants that their users are permitted to access (e.g. GovTeams). Microsoft Entra ID then only grants access to these permitted tenants.

Microsoft Entra ID tenant restrictions prerequisites are as follows:

  • The organisation web filtering service must support transport layer security (TLS) interception, hypertext transfer protocol (HTTP) header insertion, uniform resource locator (URL), and fully qualified domain name (FQDN) filtering.
  • Endpoints must trust the web filtering services public key infrastructure (PKI) certificate chain for TLS communications.

For more detail on Microsoft Entra ID tenant restrictions, see use tenant restrictions to manage access to SaaS apps.

Security & Governance

  • None identified

Design

  • None identified

References

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra