Solved

Restricting OWA / ActiveSync Access

Posted on 2015-01-28
5
181 Views
Last Modified: 2015-01-28
We need to configure Exchange Online so that users are only able to access OWA / ActiveSync from the company network, e.g. all remote users are required to connect to the network via an existing VPN.

Is it possible to restrict OWA and ActiveSync to a single public IP address or is there any other solution which will achieve this. I've heard that it may be possible to do this with ADFS, however we don't want to introduce that level of additional complexity / on-premise servers.
0
Comment
Question by:Hypervizor
5 Comments
 
LVL 16

Expert Comment

by:Ivan
ID: 40574719
Hi there,

this is a new one for me :)

I guess if you were to block SSL port to Exchange, eg. disable that NAT rule, no1 from outside would be able to connect to OWA. In the same time Outlook Anywhere would not work..
You could introduce policy to quarantine mobile devices and decide which one should be able to connect..but that is not quite what is your requirement.

Maybe some1 got some better solutions :)

Regards,
0
 
LVL 3

Expert Comment

by:Waddah Dahah
ID: 40574742
Hi,

Remove any public DNS record that point to your exchange i.e (Autodiscover, webmail,etc..)
Remove the publishing rule in your firewall that allow 443 or 80 to your CAS server.
Configure internal DNS with your exchange records i.e (Autodiscover, webmail,etc..)
your client DNS setting when they connect via VPN should point to your internal DNS server.

Regards,
Waddah
0
 
LVL 16

Expert Comment

by:Ivan
ID: 40574771
He cannot remove public DNS records if he is using them for POP/IMAP or such services.

Regards,
0
 

Author Comment

by:Hypervizor
ID: 40574772
Surely blocking anything locally on-premise isn't going to help because a laptop user can connect to an Internet connection anywhere and connect to the Office 365 portal to access OWA?
0
 
LVL 39

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 40574986
For Exchange Online, you can only restrict usage if you have AD FS in place: http://technet.microsoft.com/en-us/library/dn592182.aspx
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
This is my first article on Expert Exchange on the Manual Method of Exporting Office 365 Mailboxes to PST format by using the eDiscovery mechanism of Office. Hope you will enjoy the article.
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now