ADFS Claims Rules - Activesync Devices

%3CLINGO-SUB%20id%3D%22lingo-sub-222677%22%20slang%3D%22en-US%22%3EADFS%20Claims%20Rules%20-%20Activesync%20Devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-222677%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20it%20possible%20to%20create%20an%20ADFS%20Claims%20Rule%20to%20check%20if%20the%20request%20is%20coming%20from%20an%20allowed%20ActiveSync%20device%2C%20if%20yes%20permit%20signon%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBasically%2C%20I%20am%20trying%20to%20enable%20external%20access%20to%20specific%20Relay%20Partying%20Trusts%26nbsp%3B%20only%20if%20the%20request%20is%20coming%20from%20a%20mobile%20device%20and%20it%20is%20a%20valid%20active%20sync%20device%20in%20the%20environment.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-222677%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAuthentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-222920%22%20slang%3D%22en-US%22%3ERe%3A%20ADFS%20Claims%20Rules%20-%20Activesync%20Devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-222920%22%20slang%3D%22en-US%22%3E%3CP%3ENo%2C%20there%20is%20no%20way%20for%20the%20AD%20FS%20server%20to%20%22know%22%26nbsp%3Bwhether%20a%20given%20mobile%26nbsp%3Bdevice%20is%20allowed%20or%20not.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Is it possible to create an ADFS Claims Rule to check if the request is coming from an allowed ActiveSync device, if yes permit signon?

 

Basically, I am trying to enable external access to specific Relay Partying Trusts  only if the request is coming from a mobile device and it is a valid active sync device in the environment.  

1 Reply

No, there is no way for the AD FS server to "know" whether a given mobile device is allowed or not.