Exchange Online Conditional Access

%3CLINGO-SUB%20id%3D%22lingo-sub-2824269%22%20slang%3D%22en-US%22%3EExchange%20Online%20Conditional%20Access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2824269%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20exchange%20online%20limit%20access%20in%20these%20scenarios%3A%3C%2FP%3E%3CP%3E1%20-%20limit%20access%20for%20outlook%20clients%20to%20come%20from%20corporate%20IP%3F%3C%2FP%3E%3CP%3E2%20-%20limit%20access%20for%20activesync%20clients%20with%20approved%20devices%20(unapproved%20devices%20stay%20in%20quarantine%20until%20approved%20by%20an%20admin)%3C%2FP%3E%3CP%3E3%20-%20disable%20webmail%20for%20every%20mailbox%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2824269%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2825556%22%20slang%3D%22en-US%22%3ERe%3A%20Exchange%20Online%20Conditional%20Access%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2825556%22%20slang%3D%22en-US%22%3E1)%20Use%20CA%20policies%20if%20you%20have%20Azure%20AD%20Premium%20or%20client%20access%20rules%20if%20you%20dont%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fclient-access-rules%2Fclient-access-rules%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fclient-access-rules%2Fclient-access-rules%3C%2FA%3E%3CBR%20%2F%3E2)%20The%20built-in%20AS%20controls%20allow%20that%2C%20so%20does%20Office%20365%20MRM%20or%20Intune%2C%20the%20latter%20of%20course%20offering%20a%20lot%20more%20options%20that%20the%20former%20two%3CBR%20%2F%3E3)%20Set-CASMailbox%20is%20your%20friend.%3C%2FLINGO-BODY%3E
New Contributor

Can exchange online limit access in these scenarios:

1 - limit access for outlook clients to come from corporate IP?

2 - limit access for activesync clients with approved devices (unapproved devices stay in quarantine until approved by an admin)

3 - disable webmail for every mailbox?

 

 

1 Reply
1) Use CA policies if you have Azure AD Premium or client access rules if you dont: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/...
2) The built-in AS controls allow that, so does Office 365 MRM or Intune, the latter of course offering a lot more options that the former two
3) Set-CASMailbox is your friend.