Forum Discussion
Restricting access to Office 365- Microsoft Teams After defined hours
The only way to restrict logon hours is when authentication happens on-premises, so you need either PTA or AD FS. But that will of course apply to all apps, not just Teams. An alternative is to schedule a PowerShell script that periodically disables/reenables the account and revokes tokens. Again, applies to all apps.
CA doesn't offer time-based controls, but it's the only solution that can target just the Teams app.
The only way to restrict logon hours is when authentication happens on-premises, so you need either PTA or AD FS. But that will of course apply to all apps, not just Teams. An alternative is to schedule a PowerShell script that periodically disables/reenables the account and revokes tokens. Again, applies to all apps.
CA doesn't offer time-based controls, but it's the only solution that can target just the Teams app.
- Even when using PTA or ADFS you will have tokens that won't expire and you'll stay logged in, it'll only restrict someone from logging in if their token expires and they need to re-log in during this time or you crank your token expiration way down which will create angry users.
Vasil, The main idea is to block login on teams after office hours. so suppose if I block the login hours from AD then how will it synced with the Teams App in this case the users will still be able to use the team app on their mobile phone. Please suggest
- By using ADFS or pta, all logins go to your AD for authentication! Doesn’t matter where or what device it’s from!
Although as both VasilMichev and I pointed out, this will block logins to all Office 365 services
