Jul 19 2016 11:27 AM - last edited on Feb 06 2023 03:24 AM by TechCommunityAP
Hi All - We have subscribed to Office 365 for email services. We have a requirement to implement for security reasons:
Users should not be able to connect to the Exchange server via Outlook from home, except after connecting to the VPN. We have already disabled webmail/IMAP and POP3. But since the auto-discover feature is there and configuration of mail is very straightforward and easy, users will be able to configure Outlook on any machine outside the office and connect to mail. We need to restrict this.
What are the possible solutions for this case?
Jul 19 2016 11:40 AM
Solution
The best solution is to implement AD FS, which redirects the authentication to your on-prem AD and gives you control over who/when/how can access the service. So you can, for example, restrict it to specific IPs only. Here's a reference article: http://technet.microsoft.com/en-us/library/dn592182.aspx
If you do not have AD FS in place, another option is to look at the recently announced conditional access via Azure MFA: https://blogs.technet.microsoft.com/enterprisemobility/2016/06/23/azuread-conditional-access-for-off...
Jul 19 2016 11:29 PM
Thanks much, Vasil, for your prompt response. It was my finding too, though not authentic :) Conditional access works with an EMS license only. So I might have to go for an ADFS integration with O365.
Regards
Anoop
Sep 14 2017 08:34 AM
Hi Vasil. Thank you so much for your answer in this post.
I have a question. What is the solution when I work with dynamic IPs from my ISP (ADSL connection)?
Thank you.
Sep 14 2017 11:10 AM
I guess you can add a broader range, say /24 or similar?
Sep 15 2017 06:45 AM
Thanks, Vasil, for the reply.
In this case the IP is random for the connection with the ISP. I don't know the IP range!
Sep 15 2017 10:56 AM
And there is no possibility to reason with your ISP about this? I mean, you can enforce restrictions based on other criteria, such as device compliance for example, or requiring Azure AD Join, but those come with a lot of prerequisites...
Sep 15 2017 12:53 PM
OK Vasil. We propose a solution based on other criteria, such as restricting logon hours in Active Directory too.
Thank you so much.