I was thinking about this too, but we finally declined this idea at all, because there is not enough guaranteed safety.
But, you may create some special field with unique code, that will receive only customer.Your application will require: server, port, and this unique code.When you receive lease from TFS (over net), than you have to check unique code.
In this case, you have 2 secret information: server ( + port) and unique code.
Another possible solution would be to use hash of something (customer name/email/id), but it's only little increase in security.
Unless attacker knows, what else are you checking, it is safe. But also, customer can leak it out, or give it to someone.