ADFS Claim Rule: Not allowing internal access

Asked by K B
Tags: Active Directory Federation Services (ADFS), Exchange, Active Directory, Microsoft 365, Powershell

Is there any reason why internal users would not be able to access Outlook when utilizing this claim rule?

exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"])
 && exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value =~ "\bS-1-5-21-1292385385-3260344413-318601890-1169\b"])
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "DenyUsersWithClaim");

Here are the events associated with the requests:

2017-03-07_0952.png
2017-03-07_0953.png
2017-03-07_0953_001.png