Skip to content

Network 25377: Users accessing external applications from corporate devices are blocked unless explicitly authorized by tenant restrictions policies #838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ashwinikarke wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Network 25377: Users accessing external applications from corporate devices are blocked unless explicitly authorized by tenant restrictions policies #838

ashwinikarke wants to merge 15 commits into from

Conversation

@ashwinikarke
Copy link
Collaborator

@ashwinikarke ashwinikarke commented Jan 28, 2026

No description provided.

@alexandair alexandair requested a review from Copilot January 28, 2026 06:53
Copilot AI reviewed Jan 28, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new Network/Global Secure Access assessment (Test ID 25377) to validate that Universal Tenant Restrictions (UTR) are configured to block access to unauthorized external tenants.

Changes:

  • Introduces Test-Assessment-25377 PowerShell test to evaluate Global Secure Access network packet tagging and the tenant restrictions v2 default policy.
  • Adds markdown remediation/description content for the new assessment.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
src/powershell/tests/Test-Assessment.25377.ps1 Implements the assessment logic and detailed markdown reporting for UTR configuration validation.
src/powershell/tests/Test-Assessment.25377.md Provides risk context and remediation guidance with a %TestResult% insertion point.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

alexandair
alexandair requested changes Jan 29, 2026
View reviewed changes
Copy link
Collaborator

@alexandair alexandair left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ashwinikarke Please, address my feedback.

alexandair
alexandair requested changes Feb 1, 2026
View reviewed changes
Copy link
Collaborator

@alexandair alexandair left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ashwinikarke
Spec says:

Note: If Users & Groups Target does not equal AllUsers, put Specific users and groups configured in the Current Value column.
Note: If Applications Target does not equal AllApplications, put Specific applications configured in the Current Value column.

Please, address that.

@ashwinikarke
Copy link
Collaborator Author

ashwinikarke commented Feb 2, 2026
edited
Loading

@ashwinikarke Spec says:

Note: If Users & Groups Target does not equal AllUsers, put Specific users and groups configured in the Current Value column. Note: If Applications Target does not equal AllApplications, put Specific applications configured in the Current Value column.

Please, address that.

@alexandair As discussed in the DSM, I’ve updated the table to display up to five applications, with an ellipsis ... shown if there are more than five.

image

merill
merill requested changes Feb 2, 2026
View reviewed changes
Copy link
Collaborator

@merill merill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ashwinikarke we need to get the names of the apps and show them. The GUIDs are not going to be helpful. if only the ID is available then you should look up the Service Principals (or Applications) db table by objectid to get the name

@ashwinikarke
Copy link
Collaborator Author

ashwinikarke commented Feb 2, 2026

@ashwinikarke we need to get the names of the apps and show them. The GUIDs are not going to be helpful. if only the ID is available then you should look up the Service Principals (or Applications) db table by objectid to get the name

@merill / @alexandair To retrieve application names from the DB, can I create a shared function in the shared folder so Praneet can also reuse it and include this change in this same PR?

@ashwinikarke ashwinikarke requested a review from merill February 4, 2026 08:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@alexandair alexandair Awaiting requested review from alexandair

@merill merill Awaiting requested review from merill

Requested changes must be addressed to merge this pull request.

Assignees

@ashwinikarke ashwinikarke

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ashwinikarke @merill @alexandair