Forum Discussion
Control access from Outlook to Exchange Online
Hi,
Checking in to see if anyone is aware of any control that can be enforced to not allow users to simply login into outlook from home PC and sync emails, while ofcourse needing the ability to do so from office computer. I currently do not have Intune, only default functionality with E3 license.
thx
6 Replies
Conditional access would be ideal for this but would require additional licencing:
https://docs.microsoft.com/en-us/intune-classic/deploy-use/restrict-access-to-exchange-online-with-microsoft-intune
Also this one - https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access
Ruling those out because you mentioned you only have Office 365 E3, do you use AD-FS to federate identity in your tenant? If so there are options there:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-client-access-policies
https://technet.microsoft.com/en-us/library/hh526961%28v=ws.10%29.aspx
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-w2k12
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-in-ad-fs-2
This isn't something I have had a chance to try out, maybe someone else will say what works well for them with this type of scenario!
Hi, I do not have AD FS, I use only Office365 with Azure, but do not have Premimum. So then there is no options that you are aware?
Not completely sure, 'Conditional access based on group and location' is https://www.microsoft.com/en-us/cloud-platform/azure-active-directory-features as only being available with Azure Active Directory Premium P1 or higher. With no ADFS, what else could control access? Hopefully, someone will chip in if they are aware of anything that could fit the bill.
