Solved

Restricting OWA / ActiveSync Access

Posted on 2015-01-28
Last Modified: 2015-01-28
We need to configure Exchange Online so that users are only able to access OWA / ActiveSync from the company network, e.g. all remote users are required to connect to the network via an existing VPN.

Is it possible to restrict OWA and ActiveSync to a single public IP address, or is there any other solution which will achieve this? I've heard that it may be possible to do this with ADFS, however we don't want to introduce that level of additional complexity / on-premise servers.
Question by:Hypervizor
5 Comments
 
LVL 17

Expert Comment

by:Ivan
ID: 40574719
Hi there,

This is a new one for me :)

I guess if you were to block the SSL port to Exchange, e.g. disable that NAT rule, no one from outside would be able to connect to OWA. At the same time, Outlook Anywhere would not work.
You could introduce a policy to quarantine mobile devices and decide which ones should be able to connect, but that is not quite what your requirement is.

Maybe someone has a better solution :)

Regards,
0
 
LVL 3

Expert Comment

by:Waddah Dahah
ID: 40574742
Hi,

Remove any public DNS records that point to your Exchange, i.e. (Autodiscover, webmail, etc.).
Remove the publishing rule in your firewall that allows 443 or 80 to your CAS server.
Configure internal DNS with your Exchange records, i.e. (Autodiscover, webmail, etc.).
Your clients' DNS setting when they connect via VPN should point to your internal DNS server.

Regards,
Waddah
0
 
LVL 17

Expert Comment

by:Ivan
ID: 40574771
He cannot remove public DNS records if he is using them for POP/IMAP or such services.

Regards,
0
 

Author Comment

by:Hypervizor
ID: 40574772
Surely blocking anything locally on-premise isn't going to help because a laptop user can connect to an Internet connection anywhere and connect to the Office 365 portal to access OWA?
0
 
LVL 43

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 40574986
For Exchange Online, you can only restrict usage if you have AD FS in place: http://technet.microsoft.com/en-us/library/dn592182.aspx
0
