Oct 01 2020 07:37 AM
We are accessing an Office 365 mailbox on Azure cloud from an AWS Virtual Private Cloud through OAuth 2.0. How can we impose a restriction so that Office 365 is accessible only from the IP address range of the AWS VPC?
Oct 01 2020 09:04 AM
You either need to use Conditional Access (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-...) or redirect the auth process to some external system (federation) and impose the restrictions there.
Oct 02 2020 04:59 AM
Thanks Vasil. I doubt we have a premium subscription to utilize Conditional Access. Can you share more details on the option "redirect the auth process to some external system (federation) and impose the restrictions there"?
Oct 09 2020 02:59 AM
As Office 365 is accessed from the AWS VPC cloud, what IP addresses do I need to provide while whitelisting IP addresses using Conditional Access of Azure Active Directory? I have the details of the AWS VPC CIDR with me, but the CIDR range is private IP addresses. I think I need to provide public IP addresses in the AAD configuration, so what IP address from AWS should I be looking for?
Oct 09 2020 09:48 AM
@Vasil Michev Regarding Conditional Access, I went through the documentation. When using location settings we can specify that access requests from particular IP addresses or countries are to be blocked. This is what I found in the documentation; is it possible to specify the settings the other way, i.e. to allow requests only from certain IP addresses, and if a request comes from any other IP address (not specified) it should be blocked?
Oct 14 2020 03:51 AM
@Vasil Michev I appreciate your valuable time in responding to my questions. We do have the Conditional Access feature. Our application is registered to run as a background service or daemon without a signed-in user. The application is accessed from AWS cloud through OAuth 2.0 authentication. Can Conditional Access still be applied?
Oct 14 2020 10:15 AM
Conditional Access doesn't apply to application logins; that's different from "user" access. Depending on the protocol your app is using, you might be able to restrict it via Client Access Rules: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/...
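As an added illustration of the Client Access Rules approach suggested above (this is not code from the thread or from Microsoft's documentation), the following Exchange Online PowerShell session denies EWS access from everywhere except the VPC's public egress addresses, then tests how a request would be evaluated. The addresses 203.0.113.0/24, 198.51.100.17 and 192.0.2.5, the mailbox svc-mailbox@contoso.example and the choice of EWS as the app's protocol are all placeholders/assumptions; substitute the NAT gateway or Elastic IP addresses your VPC actually egresses from (the private VPC CIDR will never be seen by Exchange Online).

```powershell
# Added example, not from the original thread.
# Assumes the ExchangeOnlineManagement module is installed and the admin has the
# rights to manage Client Access Rules.
Connect-ExchangeOnline

# Placeholder public egress addresses of the AWS VPC (NAT gateway / Elastic IPs).
# Constructed values: replace with your own.
$awsEgress = @('203.0.113.0/24', '198.51.100.17')

# Placeholder admin workstation address used to keep Remote PowerShell reachable.
$adminIp = '192.0.2.5'

# 1. Protect the admin path first. Rules are evaluated in priority order (lowest
#    number first), so an explicit allow for Remote PowerShell from a known admin
#    address avoids locking the tenant admin out if a later deny is too broad.
New-ClientAccessRule -Name 'Keep Remote PowerShell reachable for admins' `
    -Priority 1 `
    -Action AllowAccess `
    -AnyOfProtocols RemotePowerShell `
    -AnyOfClientIPAddressesOrRanges $adminIp

# 2. Deny the protocol the daemon uses (assumed here to be EWS with OAuth) from
#    every address except the VPC egress ranges. Everything not matched by the
#    exception is denied; requests from the VPC fall through to the default allow.
New-ClientAccessRule -Name 'EWS only from AWS VPC egress' `
    -Priority 2 `
    -Action DenyAccess `
    -AnyOfProtocols ExchangeWebServices `
    -AnyOfAuthenticationTypes OAuthAuthentication `
    -ExceptAnyOfClientIPAddressesOrRanges $awsEgress

# 3. Verify the outcome for a request from inside and outside the allowed range
#    before relying on the rule in production.
Test-ClientAccessRule -AuthenticationType OAuthAuthentication `
    -Protocol ExchangeWebServices `
    -RemoteAddress 203.0.113.10 `
    -RemotePort 443 `
    -User svc-mailbox@contoso.example   # expected: allowed (inside 203.0.113.0/24)

Test-ClientAccessRule -AuthenticationType OAuthAuthentication `
    -Protocol ExchangeWebServices `
    -RemoteAddress 198.51.100.200 `
    -RemotePort 443 `
    -User svc-mailbox@contoso.example   # expected: denied by 'EWS only from AWS VPC egress'

# 4. Review what is in place.
Get-ClientAccessRule | Format-Table Name, Priority, Action, Enabled
```

Two caveats worth checking before adopting this: Client Access Rules only cover the Exchange protocols listed in the cmdlet's `-AnyOfProtocols` values, so an app that reaches the mailbox through Microsoft Graph is not covered by them, and Microsoft has since announced the retirement of Client Access Rules in Exchange Online, so confirm the current state of the feature in the linked documentation before depending on it.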
Oct 14 2020 10:37 AM
@Vasil Michev Thanks Vasil, I too found the same solution. Due to some reason, our team is not ready to apply access rules at the Exchange level. Do we have any other alternative?
Oct 14 2020 11:24 PM
Nothing within O365, you can certainly add some restrictions in the app itself though.