I'm looking for a solution to limit access to Office 365 (Exchange, OneDrive, ...) from the internet. I don't want users to be able to read or send mail from outside the company, but when they are on premises it's okay. As usual there are some exceptions: certain users should be able to access their mail from the internet. Internet access must be secured with MFA.
I've already done some research and it seems that there are two options for me:
- Azure AD Conditional Access (requires a Premium license)
- ADFS conditional access
But I still have some questions :
1) Can I achieve my goal with both options?
2) Is there any other solution to achieve my goal?
3) Currently there is a hybrid Exchange with Azure AD Connect set up; is it compatible with conditional access?
Just to make sure you understand the process correctly: both Azure AD CA and AD FS claims rules only restrict the authentication. If the user authenticates on your "internal" network and takes his laptop home, he will still be able to happily access messages until the token expires, which can be a very long time in general.
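To make the "authentication only" point concrete, here is an added example (not from the answer above and not Microsoft's documented policy) of the AD FS side of the asker's requirement: an issuance authorization rule set that denies logons from outside the corporate network unless the user is in an exception group, plus an additional authentication rule that forces MFA for every external logon. It assumes the relying party trust is named "Microsoft Office 365 Identity Platform", that the Active Directory claims provider passes the groupsid claim through, and uses a placeholder group SID.

```powershell
# Added example: AD FS client access policy for the Office 365 relying party trust.
# Assumption: the default RP trust display name is used; adjust if yours differs.
$rpName = "Microsoft Office 365 Identity Platform"

# PLACEHOLDER: replace with the SID of the group allowed to work from the internet.
$externalGroupSid = "S-1-5-21-PLACEHOLDER-PLACEHOLDER-PLACEHOLDER-1234"

# Issuance authorization rules.
# Rule 1 permits everyone; rule 2 adds a deny claim for external logons by users
# outside the exception group. In AD FS a deny claim always wins over permit.
# Assumption: groupsid is passed through from the AD claims provider trust.
$authzRules = @"
@RuleName = "Permit all users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");

@RuleName = "Deny external access unless in the remote-access group"
exists([Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"])
 && NOT exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "^(?i)$externalGroupSid`$"])
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");
"@

# Additional authentication rule: any logon that is not from the corporate network
# must satisfy a second factor. Combined with the deny rule above, only the
# exception group gets in from the internet, and only with MFA.
$mfaRules = @"
@RuleName = "Require MFA for all external logons"
exists([Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"])
=> issue(Type = "http://schemas.microsoft.com/claims/authnmethodsreferences", Value = "http://schemas.microsoft.com/claims/multipleauthn");
"@

Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceAuthorizationRules $authzRules `
    -AdditionalAuthenticationRules $mfaRules

# Review what was applied before trusting it in production.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, IssuanceAuthorizationRules, AdditionalAuthenticationRules
```

These rules gate only token issuance at AD FS, exactly as the answer says: a session or refresh token obtained on the corporate network keeps working off-premises until it expires, so the token lifetime on the Office 365 side still has to be reviewed separately.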