Limiting Access to Office 365 Services Based on Location
Office 365 and Exchange Online continue to use Outlook Web App, Outlook MAPI, Outlook Anywhere, and ActiveSync for client connections. Customers have expressed concerns about data loss while outside of the network and would want policies in place that limit access to Office 365 services, depending on where the client resides.
If using ADFS 2.0 for single sign on to Office 365 services, we can also enable built in client access policy features.
Client Access Policy Scenarios
|Block all external access to Office 365||Office 365 access is allowed from all clients on the internal corporate network, but requests from external clients are denied based on the IP address of the external client.|
|Block all external access to Office 365, except Exchange ActiveSync||Office 365 access is allowed from all clients on the internal corporate network, as well as from any external client devices, such as smart phones, that make use of Exchange ActiveSync. All other external clients, such as those using Outlook, are blocked.|
|Block all external access to Office 365, except for browser-based applications such as Outlook Web Access or SharePoint Online||Blocks external access to Office 365, except for passive (browser-based) applications such as Outlook Web Access or SharePoint Online.|
|Block all external access to Office 365 for members of designated Active Directory groups.||This scenario is used for testing and validating client access policy deployment. It blocks external access to Office 365 only for members of one or more Active Directory group. It can also be used to provide external access only to members of a group.|
Using ADFS Client Access policies in conjunction with disabling Outlook cached mode will give clients full control of where their data can be accessed in any given scenario.
This posting is provided "AS IS" with no warranties, and confers no rights.
Matt Scherocman brings more than 15 years of experience in the information technology industry to Interlink Cloud Advisors. His experience includes both the system integrator and manufacturer sides of the business. During his time at the Microsoft Corporation he was responsible for all the the Large Account Reseller (LAR) relationships in the four state Heartland Area of Michigan, Ohio, Kentucky, and Tennessee. Prior to Microsoft, Scherocman led a Cincinnati based IT consulting company to grow 5000% and become a Microsoft Worldwide Partner of the Year. He is actively involved in the strategic vision and operation decisions of the company including finance, selling strategy and marketing. Matt holds a Bachelor of Science in Business degree from Miami University and is a Certified Expert in Microsoft licensing including speaking engagements at both Microsoft's Worldwide Partner Conference and Channel Partner Summit. He is a frequent contributor to leading industry publications.
All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.