Solved

Restricting OWA / ActiveSync Access

Posted on 2015-01-28
5
185 Views
Last Modified: 2015-01-28
We need to configure Exchange Online so that users are only able to access OWA / ActiveSync from the company network, e.g. all remote users are required to connect to the network via an existing VPN.

Is it possible to restrict OWA and ActiveSync to a single public IP address or is there any other solution which will achieve this. I've heard that it may be possible to do this with ADFS, however we don't want to introduce that level of additional complexity / on-premise servers.
0
Comment
Question by:Hypervizor
5 Comments
 
LVL 16

Expert Comment

by:Ivan
ID: 40574719
Hi there,

this is a new one for me :)

I guess if you were to block SSL port to Exchange, eg. disable that NAT rule, no1 from outside would be able to connect to OWA. In the same time Outlook Anywhere would not work..
You could introduce policy to quarantine mobile devices and decide which one should be able to connect..but that is not quite what is your requirement.

Maybe some1 got some better solutions :)

Regards,
0
 
LVL 3

Expert Comment

by:Waddah Dahah
ID: 40574742
Hi,

Remove any public DNS record that point to your exchange i.e (Autodiscover, webmail,etc..)
Remove the publishing rule in your firewall that allow 443 or 80 to your CAS server.
Configure internal DNS with your exchange records i.e (Autodiscover, webmail,etc..)
your client DNS setting when they connect via VPN should point to your internal DNS server.

Regards,
Waddah
0
 
LVL 16

Expert Comment

by:Ivan
ID: 40574771
He cannot remove public DNS records if he is using them for POP/IMAP or such services.

Regards,
0
 

Author Comment

by:Hypervizor
ID: 40574772
Surely blocking anything locally on-premise isn't going to help because a laptop user can connect to an Internet connection anywhere and connect to the Office 365 portal to access OWA?
0
 
LVL 40

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 40574986
For Exchange Online, you can only restrict usage if you have AD FS in place: http://technet.microsoft.com/en-us/library/dn592182.aspx
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
Cloud-based technologies and services will continue to grow in popularity in 2017 thanks to the simple, scalable and cost-effective solutions they deliver. Here are three areas where cloud adoption is poised to really take off.
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question