Forum Discussion

Copper Contributor

Jul 19, 2016

Solved

Access Restriction outside office

Hi All- We have subscribed office 365 for email services. We have a requirement to get implemented due to security reasons Users should not be able to connect to exchange server via outlook from...

microsoft 365 groups

office 365

VasilMichev
Jul 19, 2016
Best solition is to implement AD FS, which redirects the authentication to you on-prem AD and gives you control on who/when/how can access the service. So you can for example restrict it to specific IPs only. Here's a reference article: http://technet.microsoft.com/en-us/library/dn592182.aspx

If you do not have AD FS in place, another option is to look at the recently announced conditional access via Azure MFA: https://blogs.technet.microsoft.com/enterprisemobility/2016/06/23/azuread-conditional-access-for-office365-exchange-sharepoint-in-preview/

Marcelo Freitas | @mfreitas365

Brass Contributor

Sep 14, 2017

Hi Vasil. Thank you so much for answer in this post.
I have a question. What is solution when i work Dynamics IPs with my ISP (ADSL connection)?
Thank you.

VasilMichev

MVP

Sep 14, 2017

I guess you can add a broader range, say /24 or similar?

Marcelo Freitas | @mfreitas365
Brass Contributor
Sep 15, 2017
Thanks Vasil for reply.
In this case the IP is random for connection with ISP. I don't know the range IP!
- VasilMichev
  MVP
  Sep 15, 2017
  And there is no possibility to reason with your ISP about this? I mean, you can enforce restrictions based on other criteria, such as device compliance for example, or requiring Azure AD Join, but those come with a lot of prerequisites...
  - Marcelo Freitas | @mfreitas365
    Brass Contributor
    Sep 15, 2017
    Ok Vasil. We propose a solution based on others criteria, as restrition logon hours in Active Directoy too.
    Thank you so much.