Create a GPO that allows only email access via Office 365
How do I create a GPO in Windows server 2008 that would allow users to only access email from hosted exchange via Office 365. I dont want them to be able to surf websites.
Hi,
Are your users using laptops and mobile or desktops and Office based on a LAN?
You'll need to determine where this will happen - if it's on the LAN network, then your router/firewall/proxy should be configured to do this. Rather than the devices themselves.
For when they are mobile, you'll need to create some GPOs which apply to the public/private firewall profiles - Domain will be enabled if the devices can authenticate to a Domain controller. However, be aware that changes to these will impact the endpoints ability to authenticate so your firewall rules will need to be configured carefully.
You will need to change the default allow Oubound All policy on the private/public firewall policy to Block, Except.
Your outbound rules will need to include:
DHCP - ability to get an IP address
DNS resolution - to resolve hosts etc.
LSASS to your DCs for Kerberos and LDAP
NCSI - to detect internet connections for NLASrv
HTTPS to Office 365 IP ranges
Hope this helps.
Create a firewall policy that only allows HTTPS to go to the relevant Office 365 ranges.
Are your users using laptops and mobile or desktops and Office based on a LAN?
You'll need to determine where this will happen - if it's on the LAN network, then your router/firewall/proxy should be configured to do this. Rather than the devices themselves.
For when they are mobile, you'll need to create some GPOs which apply to the public/private firewall profiles - Domain will be enabled if the devices can authenticate to a Domain controller. However, be aware that changes to these will impact the endpoints ability to authenticate so your firewall rules will need to be configured carefully.
You will need to change the default allow Oubound All policy on the private/public firewall policy to Block, Except.
Your outbound rules will need to include:
DHCP - ability to get an IP address
DNS resolution - to resolve hosts etc.
LSASS to your DCs for Kerberos and LDAP
NCSI - to detect internet connections for NLASrv
HTTPS to Office 365 IP ranges
Hope this helps.
Create a firewall policy that only allows HTTPS to go to the relevant Office 365 ranges.
ASKER
This is just for a handful of desktops inside a LAN.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Based on this you can build some firewall rules to allow users to access Office 365 services.
And in this article you can find some details how to build Firewall rules using Group Policy: Windows Firewall and IPsec Policy Deployment Step-by-Step Guide