Solved

Restricting OWA / ActiveSync Access

Posted on 2015-01-28
5
186 Views
Last Modified: 2015-01-28
We need to configure Exchange Online so that users are only able to access OWA / ActiveSync from the company network, e.g. all remote users are required to connect to the network via an existing VPN.

Is it possible to restrict OWA and ActiveSync to a single public IP address or is there any other solution which will achieve this. I've heard that it may be possible to do this with ADFS, however we don't want to introduce that level of additional complexity / on-premise servers.
0
Comment
Question by:Hypervizor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 17

Expert Comment

by:Ivan
ID: 40574719
Hi there,

this is a new one for me :)

I guess if you were to block SSL port to Exchange, eg. disable that NAT rule, no1 from outside would be able to connect to OWA. In the same time Outlook Anywhere would not work..
You could introduce policy to quarantine mobile devices and decide which one should be able to connect..but that is not quite what is your requirement.

Maybe some1 got some better solutions :)

Regards,
0
 
LVL 3

Expert Comment

by:Waddah Dahah
ID: 40574742
Hi,

Remove any public DNS record that point to your exchange i.e (Autodiscover, webmail,etc..)
Remove the publishing rule in your firewall that allow 443 or 80 to your CAS server.
Configure internal DNS with your exchange records i.e (Autodiscover, webmail,etc..)
your client DNS setting when they connect via VPN should point to your internal DNS server.

Regards,
Waddah
0
 
LVL 17

Expert Comment

by:Ivan
ID: 40574771
He cannot remove public DNS records if he is using them for POP/IMAP or such services.

Regards,
0
 

Author Comment

by:Hypervizor
ID: 40574772
Surely blocking anything locally on-premise isn't going to help because a laptop user can connect to an Internet connection anywhere and connect to the Office 365 portal to access OWA?
0
 
LVL 41

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 40574986
For Exchange Online, you can only restrict usage if you have AD FS in place: http://technet.microsoft.com/en-us/library/dn592182.aspx
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Old Office 365 admin portal 2 152
Word 2016 - Automatic image caption numbering 3 65
problem with office 365 portal 7 42
Office/Outlook 365 Deployment on Windows 2012 RDS 7 117
Cloud-based technologies and services will continue to grow in popularity in 2017 thanks to the simple, scalable and cost-effective solutions they deliver. Here are three areas where cloud adoption is poised to really take off.
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
how to add IIS SMTP to handle application/Scanner relays into office 365.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question