
Access Restriction outside office


Hi All- We have subscribed to Office 365 for email services. We have a requirement that needs to be implemented for security reasons.

 

Users should not be able to connect to the Exchange server via Outlook from home, only after connecting to the VPN. We have already disabled webmail/IMAP and POP3. But since the Autodiscover feature is there and mail configuration is very straightforward and easy, users will be able to configure Outlook on any machine outside the office and connect to mail. We need to restrict this.

 

What are the possible solutions for the case

best response confirmed by Jeff Medford (Microsoft)
Solution

The best solution is to implement AD FS, which redirects the authentication to your on-prem AD and gives you control over who/when/how can access the service. So you can, for example, restrict it to specific IPs only. Here's a reference article: http://technet.microsoft.com/en-us/library/dn592182.aspx

 

If you do not have AD FS in place, another option is to look at the recently announced conditional access via Azure MFA: https://blogs.technet.microsoft.com/enterprisemobility/2016/06/23/azuread-conditional-access-for-off...
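As an added illustration of the AD FS approach described in the accepted answer (this is example code, not something posted in the thread or taken from the linked article), the script below puts the IP restriction into the issuance authorization rules of the Office 365 relying party trust. AD FS adds the x-ms-proxy claim to requests that arrive through the Web Application Proxy, and x-ms-forwarded-client-ip carries the original client address (forwarded by Exchange Online for Outlook's active authentication). The relying party name is the default one created by Convert-MsolDomainToFederated, and 203.0.113.0/24 is an assumed stand-in for the organisation's real public egress range; substitute your own.

```powershell
# Added example (not from the thread): deny federated Office 365 sign-ins whose
# forwarded client IP falls outside an assumed corporate /24, using AD FS
# issuance authorization rules. Run on the primary AD FS server.
Import-Module ADFS

# Assumption: 203.0.113.0/24 stands in for the organisation's public IP range.
# The regex matches exactly one dotted-quad in that /24, nothing more.
$corpIpRegex = '^203\.0\.113\.(25[0-5]|2[0-4]\d|1?\d?\d)$'

# Assumption: default display name of the Office 365 relying party trust.
$rpName = 'Microsoft Office 365 Identity Platform'

# Rule 1: a request that came through the proxy (x-ms-proxy present) and whose
# forwarded client IP does not match the corporate range gets a deny claim.
# Requests from the internal network never carry x-ms-proxy and fall through.
$denyExternal = @"
@RuleName = "Deny proxied clients outside the corporate IP range"
exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"])
 && NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip", Value =~ "$corpIpRegex"])
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");

"@

# Rule 2: permit everyone else. In AD FS a deny claim always wins over permit,
# so the order of these two rules does not matter.
$permitAll = @"
@RuleName = "Permit all users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");

"@

# Replace the current authorization rule set on the Office 365 trust.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules ($denyExternal + $permitAll)

# Read back the applied rules to confirm the change took effect.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

Before enforcing this, test it with a user whose client is outside the range and one that is inside, and confirm from the AD FS admin log which claims were actually present in each request; the deny only triggers when the proxy claim is present and the forwarded IP claim fails the regex, so a regex that is too narrow will lock out legitimate VPN users while one that is too loose (for example matching a bare `203.0.113` prefix without anchors) defeats the restriction.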

Thanks much Vasil for your prompt response. That was my finding too, though not authoritative :) Conditional access works with an EMS license only. So I might have to go for AD FS integrated with O365.

 

Regards

Anoop

Hi Vasil. Thank you so much for your answer in this post.
I have a question. What is the solution when I have dynamic IPs from my ISP (ADSL connection)?
Thank you.

I guess you can add a broader range, say /24 or similar?

Thanks Vasil for the reply.
In this case the IP is random for each connection with the ISP. I don't know the IP range!

And there is no possibility to reason with your ISP about this? I mean, you can enforce restrictions based on other criteria, such as device compliance for example, or requiring Azure AD Join, but those come with a lot of prerequisites...

OK Vasil. We will propose a solution based on other criteria, such as restricting logon hours in Active Directory too.
Thank you so much.

 
