Limit user login only from domain joined or compliant pc

Don_Vlogeer · ‎Jul 25 2023

Dear All,

is there anyway we to limit user access mailbox only from domain joined pc, not allowed to login via personal or public pc.

for owa we can certainly use ADFS to setup rules, is there any possibility on outlook client either using hma, adfs, or conditional access.

Our environment is exchange 2019 hybrid

Vasil Michev · ‎Jul 25 2023

Conditional access should help: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access...

Don_Vlogeer · ‎Jul 25 2023

May I know in CA under target resources, there is no exchange server, if exchange online covering on premise mailboxes as well ?

thank you.

Vasil Michev · ‎Jul 26 2023

The condition you've selected applies only to cloud app (those that integrate with Azure AD). To get CA policies to work with Exchange Server, you should implement HMA: https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access-intune-common-ways-use#intun...

Don_Vlogeer · ‎Jul 26 2023

Thank your for quick respond. Our environment HMA already in position by following this kb, but still no luck using CA.

what else would need to setup for CA to control mailbox hosted on exchange server.

Vasil Michev · ‎Jul 27 2023

Are the devices Intune managed?

Don_Vlogeer · ‎Jul 27 2023

Not at this time, only couple pc managed by Intune, most all of them are SCCM managed. May I know CA only applicable to those managed by Intune?

Vasil Michev · ‎Jul 27 2023

If the idea is to restrict access based on the device compliance, Intune is a requirement. Otherwise, you should be able to use other conditions.

Don_Vlogeer · ‎Aug 04 2023

Got it, thank you for your input and we have the ideas to move on this path.

Re: Limit user login only from domain joined or compliant pc