Organizations face a critical data protection challenge in needing to permit access to sanctioned corporate SaaS apps while blocking personal or unsanctioned instances of the same app. To address this, we introduced a CASB/DLP enhancement, Tenant Control for Google Workspace Applications. This session-tracking capability allows the system to identify the specific Google tenant (such as corporate your.company.com vs. personal gmail.com) a user is accessing. This enables administrators to create granular policies that permit sanctioned Google Workspace access while blocking or controlling personal accounts, directly preventing data exfiltration. This feature requires an active SaaS Inline license. See SaaS policy rule recommendationsto help you understand which Google Workspace applications are included in this feature and how to enable this capability.