Home

ADFS policies for specific Office 365 services

%3CLINGO-SUB%20id%3D%22lingo-sub-553836%22%20slang%3D%22en-US%22%3EADFS%20policies%20for%20specific%20Office%20365%20services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-553836%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20create%20ADFS%20policies%20for%20individual%20Office%20365%20services%3F%26nbsp%3B%20I%20have%20been%20asked%20to%20see%20if%20we%20can%20lock%20down%20our%20Sharepoint%20online%20site%20to%20only%20our%20IP%20space.%26nbsp%3B%20I%20know%20this%20can%20be%20done%20through%20the%20admin%20console%20in%20sharepoint%2C%20but%20I%20am%20wondering%20if%20it%20can%20be%20done%20through%20ADFS%20policies.%26nbsp%3B%20We%20use%20adfs%203.0.%26nbsp%3B%20I%20know%20you%20can%20have%20polices%20for%20Active%20Sync%20and%20such%20but%20can%20we%20do%20them%20based%20on%20Sharepoint%2C%20OWA%2C%20etc...%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-553836%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-554027%22%20slang%3D%22en-US%22%3ERe%3A%20ADFS%20policies%20for%20specific%20Office%20365%20services%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-554027%22%20slang%3D%22en-US%22%3E%3CP%3ENo.%20Any%20rules%20you%20create%20will%20apply%20to%20the%20RPT%20as%20a%20whole%2C%20and%20you%20cannot%20distinguish%20SPO%20resources%20from%20say%20the%20O365%20portal.%20Use%20the%20settings%20in%20the%20SPO%20admin%20center%2C%20or%20a%20conditional%20access%20policy%20scoped%20down%20to%20only%20SPO.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20reason%20policies%20can%20target%20ActiveSync%20is%20the%20different%20flow%20used%20when%20connecting%20to%20Exchange%20Online%2C%20and%20the%20additional%20claims%20added%20there.%20You%20cannot%20use%20this%20for%20other%20resources.%3C%2FP%3E%3C%2FLINGO-BODY%3E
brentmattson
Occasional Contributor

Is there a way to create ADFS policies for individual Office 365 services?  I have been asked to see if we can lock down our Sharepoint online site to only our IP space.  I know this can be done through the admin console in sharepoint, but I am wondering if it can be done through ADFS policies.  We use adfs 3.0.  I know you can have polices for Active Sync and such but can we do them based on Sharepoint, OWA, etc...?

1 Reply

No. Any rules you create will apply to the RPT as a whole, and you cannot distinguish SPO resources from say the O365 portal. Use the settings in the SPO admin center, or a conditional access policy scoped down to only SPO.

 

The reason policies can target ActiveSync is the different flow used when connecting to Exchange Online, and the additional claims added there. You cannot use this for other resources.

Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies