Solved

Restricting OWA / ActiveSync Access

Posted on 2015-01-28
Last Modified: 2015-01-28
We need to configure Exchange Online so that users are only able to access OWA / ActiveSync from the company network, e.g. all remote users are required to connect to the network via an existing VPN.

Is it possible to restrict OWA and ActiveSync to a single public IP address, or is there any other solution which will achieve this? I've heard that it may be possible to do this with ADFS, however we don't want to introduce that level of additional complexity / on-premise servers.
Question by:Hypervizor
5 Comments
 

Expert Comment

by:Ivan
ID: 40574719
Hi there,

this is a new one for me :)

I guess if you were to block the SSL port to Exchange, e.g. disable that NAT rule, no one from outside would be able to connect to OWA. At the same time, Outlook Anywhere would not work.
You could introduce a policy to quarantine mobile devices and decide which ones should be able to connect, but that is not quite what your requirement is.

Maybe someone has some better solutions :)

Regards,

Expert Comment

by:Waddah Dahah
ID: 40574742
Hi,

Remove any public DNS records that point to your Exchange, i.e. (Autodiscover, webmail, etc.).
Remove the publishing rule in your firewall that allows 443 or 80 to your CAS server.
Configure internal DNS with your Exchange records, i.e. (Autodiscover, webmail, etc.).
Your clients' DNS settings when they connect via VPN should point to your internal DNS server.

Regards,
Waddah

Expert Comment

by:Ivan
ID: 40574771
He cannot remove public DNS records if he is using them for POP/IMAP or such services.

Regards,

Author Comment

by:Hypervizor
ID: 40574772
Surely blocking anything locally on-premise isn't going to help because a laptop user can connect to an Internet connection anywhere and connect to the Office 365 portal to access OWA?

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 40574986
For Exchange Online, you can only restrict usage if you have AD FS in place: http://technet.microsoft.com/en-us/library/dn592182.aspx