
Assessing security restrictions between 'internal' and external access to an ExO mailbox


Do MFA/conditional access security features (plus any other default security protections built into Microsoft 365/Exchange Online) behave differently depending on where a connection is coming from? For example, will the system do the exact same MFA prompts/conditional access checks for an employee ‘in the office’ connecting via Outlook from a managed device (Intune), as opposed to a connection from a completely external source connecting via a non-managed device (personal smartphone/laptop for example)?

And if so, how and where specifically can you check the configurations to see the difference in prompts/restrictions between the 2 types of access (internal and external)? For example, is it common to relax certain checks/prompts for ‘internal access’, that aren’t relaxed for external connections?

best response confirmed by CB1 (Brass Contributor)
Solution
By default, everything is "external", as this is a SaaS offering after all. You can configure "named locations/IP ranges" and configure them as "trusted", then scope your policies accordingly. https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition#preview-featu...
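
The scoping the answer describes, as an added example that is not part of the original thread and is not Microsoft's code: it evaluates only the location condition of conditional access policies to show which grant controls still apply from a given source IP. The named locations and policies are constructed sample data in the shape of Microsoft Graph's `namedLocations` and `policies` resources; user, application and device conditions are deliberately left out.

```python
import ipaddress

# Constructed sample data shaped like Microsoft Graph conditional access
# namedLocations and policies (documentation IP ranges, not a real tenant).
NAMED_LOCATIONS = [
    {"id": "loc-hq", "displayName": "HQ office", "isTrusted": True,
     "ipRanges": [{"cidrAddress": "203.0.113.0/24"}]},
    {"id": "loc-guest", "displayName": "Guest Wi-Fi", "isTrusted": False,
     "ipRanges": [{"cidrAddress": "198.51.100.0/25"}]},
]
POLICIES = [
    {"displayName": "Require MFA - all users", "state": "enabled",
     "conditions": {"locations": {"includeLocations": ["All"],
                                  "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Require compliant device", "state": "enabled",
     "conditions": {"locations": None},
     "grantControls": {"builtInControls": ["compliantDevice"]}},
]

def matched_locations(ip, named_locations):
    """Ids of named locations containing ip, plus 'AllTrusted' if one is trusted."""
    addr = ipaddress.ip_address(ip)
    hits = set()
    for loc in named_locations:
        if any(addr in ipaddress.ip_network(r["cidrAddress"]) for r in loc.get("ipRanges", [])):
            hits.add(loc["id"])
            if loc.get("isTrusted"):
                hits.add("AllTrusted")
    return hits

def location_applies(policy, hits):
    """Evaluate only the location condition of one policy for a sign-in."""
    loc = (policy.get("conditions") or {}).get("locations")
    if not loc:  # no location condition: the policy applies from everywhere
        return True
    include = set(loc.get("includeLocations") or [])
    included = "All" in include or bool(hits & include)
    excluded = bool(hits & set(loc.get("excludeLocations") or []))
    return included and not excluded

def controls_for(ip, policies=POLICIES, named_locations=NAMED_LOCATIONS):
    """Grant controls still demanded from this source IP, by location alone."""
    hits = matched_locations(ip, named_locations)
    required = set()
    for p in policies:
        if p.get("state") == "enabled" and location_applies(p, hits):
            required.update((p.get("grantControls") or {}).get("builtInControls") or [])
    return sorted(required)
```

With this sample data, `controls_for("203.0.113.10")` drops the MFA requirement because the address falls in a trusted named location, while an address in the untrusted guest range or an unknown address is treated like any other external sign-in.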