Azure AD conditional Access.

Deleted · ‎09-20-2017

I have a scenario here.

1.I configure Azure AD conditional access and define a set of IP addresses to allow access for this.

2.I connect to the internet at home; VPN into my corporate network.

At this point; would the CA policy verify my actual IP(provided by my internet provider) and block access based on the policy OR would it take request as an IP from the VPN and allow me to access the resources on o365?

Peter Klapwijk · ‎09-22-2017

I have not tried it myself, but I think that depends on how you setup the VPN on your device;
route all traffic through the VPN or not.

Peter Klapwijk · ‎09-22-2017

Hi Peter,

Thank you for the response.

I did go through the whole idea of split tunelling; currently i believe the VPN is setup to route local traffic and the ISP would be responsible for the traffic on the internet browsing part;

With the current setup i believe accessing portal.office.com while having the VPN connected would still take the IP address provided by my ISP; however there is a catch to this and i need to do some testing;We do have ADFS setup and i believe the VPN routes the traffic to the adfs servers when authenticating to office 365; in this case the ADFS server would be a local resource that could be reached via the VPN tunnel and if that stands true then i believe the conditional access polices would allow any device that has vpned to access o365 as a whitelisted IP user.

I hope that makes some sense.

Azure AD conditional Access.

Azure AD conditional Access.

Re: Azure AD conditional Access.

Re: Azure AD conditional Access.