Forum Discussion
assessing security restrictions between 'internal' and external access to an ExO mailbox
Do MFA/conditional access security features (plus any other default security protections built into Microsoft 365/Exchange Online) behave different dependent on where a connection is coming from. For example, will the system do the exact same MFA prompts/conditional access checks for an employee ‘in the office’ connecting via outlook from a managed device (InTune), as opposed a connection from a completely external source connecting via a non-managed device (personal smartphone/laptop for example).
And if so, how and where specifically can you check the configurations to see the difference in prompts/restrictions between the 2 types of access (internal and external). For example, is it common to relax certain checks/prompts for ‘internal access’, that aren’t relaxed for external connections?
- By default, everything is "external", as this is a SaaS offering after all. You can configure "named locations/IP ranges" and configure them as "trusted", then scope your policies accordingly. https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition#preview-features
- By default, everything is "external", as this is a SaaS offering after all. You can configure "named locations/IP ranges" and configure them as "trusted", then scope your policies accordingly. https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition#preview-features