Power Platform – Upcoming enforcement of tenant isolation [MC981567]

As part of our Secure by Default initiative, the tenant isolation feature will be enabled by default for all Power Platform tenants as the new default behavior. The enforcement is scheduled to begin the first week of March 24, 2025.

This feature applies only to Power Platform policies and is separate from guest access policies and Azure tenant restriction features.

How does this affect me?
Tenant isolation only applies to connectors running within a tenant. The default tenant isolation behavior will block all connection attempts from one tenant to another; inbound (connections to the tenant from external tenants), outbound (connections from the tenant to external tenants), or both (inbound – outbound) will be blocked by Power Platform.

Communications within the same tenant will not be affected. In addition, users logging in as guests (guest user access) will remain unaffected.

What do I need to do to prepare?
To prevent any disruptions, if our traffic monitoring logs indicate cross-tenant connections involving your tenant, we will proactively set up the necessary policies for you before enforcement. This message is for awareness and no action is required.

However, if you prefer to configure policies proactively prior to enforcement, you can do so by following the tenant isolation policy. Additionally, please ensure you identify scenarios currently using cross-tenant connections or anticipate calls to or from other tenants by establishing an allow list of the relevant tenant IDs by following the recommended guidelines.