Forum Discussion

PKlapwijk's avatar
PKlapwijk
MVP
Dec 15, 2016

Restrict email access to Exchange Online

Hi all,   I have a situation of a customer without an on-prem Active Directory, only using some cloud apps, like Office 365. They want to block access to (in first place) e-mail on non managed dev...
PKlapwijk's avatar
PKlapwijk
MVP
Jan 24, 2017

Hi Chris Eckel

 

This is an cloud only customer. So part of my solution for this was blocking basic auth for Exchange Online. In this situaton that was no problem, customer is running only Outlook 2013/ 2016. Till now it is not yet implemented to the customer his tenant, was just running this in a lab.


But in your situation, with an On-prem AD, if you don`t want to use ADFS, have a look at the New Azure Portal. Below Azure Active Directory you find Conditional Access. You can create an policy to just allow Exchange Online access to Domain Joined devices, filter it on Windows devices and you can setup another solution for your mobile devices.

 

Clifford Kennedy's avatar
Clifford Kennedy
Iron Contributor
Feb 03, 2017

The CA policies get you most of the way there - but I beleive you still need to set the ADFS claims rule to block the down-level clients.  We found you still need basic to ensure mobile clients using EAS can connect and retireve content.  Of course, if you are using Outloof for iOS/Android only, which no longer relies on the EAS channel, you could implement MAM+CA in this case.

Resources