access only on network

Not applicable

A quick question here for the community:

Requirement: No access to Office365 when outside the Corp network.

So we have adfs, and ca policies that i have played around with but the underlying problem is as follows:


1. User signs in to a Rich client - outlook on windows / mobile apps while on the Corp network.
2. User goes home/ basically of the corp network and is still signed in OR in other words not really restricted to just on "corp network"

With browsers, its fairly straight forward where a session expires and the next sign in would then follow the respective control , whether ADFS claim rules or CA policies.

The challenge here is with rich clients that use access and refresh tokens and stay signed in even outside the network.

Has anyone found an approach that Truly restricts access only on the Corp network/VPN?

1 Reply

Generally speaking, conditional access (when used with the location condition) should invalidate tokens. One thing you can try is reduce the token lifetime, as detailed here:

This method will soon go away though, so maybe wait a bit for the replacement.



Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
38 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies