Nov 30 2017 11:32 PM
Hi All,
Can we restrict Office 365 admin portal access, if yes how can we achieve this.
Regards,
Prabhakar
Dec 01 2017 12:16 AM
That's why we have the different admin roles? Which functionality exactly are you looking to restrict?
Dec 01 2017 12:20 AM
Hi Vasil,
Let us take a case of O365 Exchange Online management, Can I restrict the complete portal access and only provide access via remote powershell cmdlets for the support team to perform support activities via RBAC.
Dec 01 2017 12:30 AM
Let's assume If I have ADFS, when I try to access portal.office.com website then I need to have my username@domain.com and password, as soon as I enter my username@domain.com it would redirect me to the ADFS authentication and should restrict saying that portal access is not allowed. Whatever support activities like basic troubleshooting steps should be made available via the respective remote powershell cmdlets.
Dec 01 2017 12:30 AM
The EAC is a special case as it's the only one that actually has a proper RBAC in place, with the UI bits updating dynamically corresponding to the underlying PowerShell cmdlets. So they will only see functionality they have access to. You can "hide" the EAC tile by simply not giving them any Office 365 admin role, but they will still be able to browse to it via the /ecp endpoint.
Dec 01 2017 02:10 AM
Let's assume If I have ADFS, when I try to access portal.office.com website then I need to have my username@domain.com and password, as soon as I enter my username@domain.com it would redirect me to the ADFS authentication and should restrict saying that portal access is not allowed. Whatever support activities like basic troubleshooting steps should be made available via the respective remote powershell cmdlets.
Dec 02 2017 03:08 AM
You cannot block just a specific URL via AD FS claims rules, you will be blocking every other URL Office 365 uses.