Office 365 Security (foreign access)

If your in Office 365, Hybrid environment, 10’000 users, is there a way to block access to Exchange Online email/other services from other countries?

We are seeing an large increase in compromised accounts so once the malicious party has the credentials, they log into OWA and send out hundreds of malicious emails, which don’t get scanned as they are considered internal to exchange online. From what I’ve been told.

I know the answer is turn on MFA, which I plan on doing in the near future, but I’m curious as to what other steps can be taken to block or stop these issues almost on a daily basis.

I know I can set cloud app security policies to alert and suspend a user and require the user to log on again, but since were hybrid, with AD on prem, I feel like those features don’t work.

Looking for ideas to better secure external access to online services.

Thanks team...
Christian HansAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Not a built in feature for geolocation blocking, but have some good discussion here
as we keep getting compromised accounts from IPs in Lagos, Nigeria.

The one thing I have done though was looks up a list of all IP address blocks used by said country, and created a policy.

Office 365 Cloud App Security > Control > Policies > Create activity policy > Add "Risky IP Addresses" and then under Governance > Enable Suspend User and > Enable Require User to sign in again.

I have created a similar policy to notify me of all "Logons Outside the United States" for selected O365 services.
https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/15621381-block-logins-from-other-countries
0
Cliff GaliherCommented:
Cloud app security works fine in a hybrid scenario. An azure AD premium p2 plan with identity protection configured is also an option.
0
Vasil Michev (MVP)Commented:
Conditional Access Policies in Azure AD can be used to restrict login based on IP, or you can setup AD FS federation and have the same configured on-premises. Or you can just use them to enforce MFA when logging in outside of the corporate network.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
For author advice.
0
btanExec ConsultantCommented:
No other inputs received
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.