Microsoft Single-Sign On - Restrict to only one organization?

Hello,

I am using the graph API for login purposes, but the issue is that anyone with Microsoft account can login and its not restricted to just people in my organization.

Is there a way to restrict the access? Let’s say to a particular domain like Microsoft accounts with a @123.company email address.