Forum Discussion
Access Restriction outside office
Hi All - We have subscribed to Office 365 for email services. We have a requirement to implement for security reasons.
Users should not be able to connect to the Exchange server via Outlook from home, only after connecting to the VPN. We have already disabled webmail/IMAP and POP3. But since the auto-discover feature is there and configuration of mail is very straightforward and easy, users will be able to configure Outlook on any machine outside the office and connect to mail. We need to restrict this.
What are the possible solutions for this case?
Best solution is to implement AD FS, which redirects the authentication to your on-prem AD and gives you control over who/when/how can access the service. So you can, for example, restrict it to specific IPs only. Here's a reference article: http://technet.microsoft.com/en-us/library/dn592182.aspx
If you do not have AD FS in place, another option is to look at the recently announced conditional access via Azure MFA: https://blogs.technet.microsoft.com/enterprisemobility/2016/06/23/azuread-conditional-access-for-office365-exchange-sharepoint-in-preview/
7 Replies
- Marcelo Freitas | @mfreitas365 Brass Contributor
Hi Vasil. Thank you so much for the answer in this post.
I have a question. What is the solution when I work with dynamic IPs from my ISP (ADSL connection)?
Thank you.
I guess you can add a broader range, say /24 or similar?
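An added example, not part of the thread or of the linked Microsoft article: AD FS client access rules match the forwarded client IP with a regular expression, so a range such as the /24 suggested above has to be turned into a pattern. The sketch below does that for octet-aligned prefixes and emulates the match in Python. The range 203.0.113.0/24, the sample addresses and the function names are constructed for illustration; the claim type URIs are the AD FS request-context claims.

```python
import ipaddress
import re

# AD FS request-context claim types used by client access policies.
PROXY = "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"
CLIENT_IP = ("http://schemas.microsoft.com/2012/01/requestcontext/claims/"
             "x-ms-forwarded-client-ip")
DENY = "http://schemas.microsoft.com/authorization/claims/deny"

# One octet, 0-255 and nothing larger.
OCTET = r"(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"


def cidr_to_regex(cidr):
    """Return a regex for an octet-aligned IPv4 range (/8, /16, /24 or /32)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24, 32):
        raise ValueError("only octet-aligned IPv4 prefixes are handled here")
    fixed = net.prefixlen // 8
    octets = str(net.network_address).split(".")
    parts = octets[:fixed] + [OCTET] * (4 - fixed)
    # \b keeps "1203.0.113.5" or "203.0.113.256" from matching by accident.
    return r"\b" + r"\.".join(parts) + r"\b"


def deny_rule(cidr):
    """Claim rule text: deny proxied (external) requests not coming from cidr."""
    return (
        f'exists([Type == "{PROXY}"]) && '
        f'NOT exists([Type == "{CLIENT_IP}", Value =~ "{cidr_to_regex(cidr)}"]) '
        f'=> issue(Type = "{DENY}", Value = "true");'
    )


def is_denied(forwarded_ip_claim, cidr):
    """Emulate the rule for an external request (Python re, unanchored search)."""
    return re.search(cidr_to_regex(cidr), forwarded_ip_claim) is None


if __name__ == "__main__":
    office = "203.0.113.0/24"  # constructed sample range (documentation block)
    print(deny_rule(office))
    for claim in ("203.0.113.77", "198.51.100.20", "203.0.113.256",
                  "198.51.100.20,203.0.113.9"):  # constructed claim values
        print(f"{claim:28} denied={is_denied(claim, office)}")
```

The last sample shows a caveat of the broader-range approach: if the claim carries a comma-separated list of addresses, an unanchored match passes as soon as any one of them falls in the allowed range. AD FS evaluates the pattern with the .NET regex engine, so confirm the generated rule in a test environment before deploying it.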
- anoopknarayan Copper Contributor
Thanks much Vasil for your prompt response. It was my finding too, though not authentic :) Conditional access works with EMS license only. So I might have to go for an ADFS integration with O365.
Regards
Anoop