Per-tenant permissions, especially to deny access to internal

Would like to have a way to at least prevent some users from accessing an internal/MSP tenant, but ideally permissions around who can get to tenants at all. Based on AzureaD Group membership would be a bonus :slight_smile: But I’d be fine with just an “internal tenant explicitly denied to all but explicit set of users.”

NinjaRMM’s role-based permissions with custom organization (their tenant name) system is similar to what I’m suggesting, by way of example.