Enforcing login controls

Forcepoint ONE SSE offers a few different ways to enforce login controls for which tenants or domains users can access in Microsoft 365 when deployed with the forward proxy.

Forcepoint ONE SSE can restrict tenant access based on HTTP Header Requests by domains applied to the entirety of users in Microsoft 365, or by domains applied by contextual policies. Refer to Configuring HTTP Request Headers.

Note: Admins should only configure one way for applying login controls. Do not configure more than one option for login control (applying the login control that affects all users by domains AND the HTTP Header Request) as this will result in a setting misconfiguration.