Office 365 Security (foreign access)

If you’re in Office 365, hybrid environment, 10’000 users, is there a way to block access to Exchange Online email/other services from other countries?

We are seeing a large increase in compromised accounts, so once the malicious party has the credentials, they log into OWA and send out hundreds of malicious emails, which don’t get scanned as they are considered internal to Exchange Online. From what I’ve been told.

I know the answer is turn on MFA, which I plan on doing in the near future, but I’m curious as to what other steps can be taken to block or stop these issues almost on a daily basis.

I know I can set Cloud App Security policies to alert and suspend a user and require the user to log on again, but since we’re hybrid, with AD on-prem, I feel like those features don’t work.

Looking for ideas to better secure external access to online services.

Thanks team...
Asked by: Christian Hans

3 Solutions
 
btan (Exec Consultant) commented:
Not a built-in feature for geolocation blocking, but there is some good discussion here
as we keep getting compromised accounts from IPs in Lagos, Nigeria.

The one thing I have done though was look up a list of all IP address blocks used by said country, and created a policy.

Office 365 Cloud App Security > Control > Policies > Create activity policy > Add "Risky IP Addresses" and then under Governance > Enable Suspend User and > Enable Require User to sign in again.

I have created a similar policy to notify me of all "Logons Outside the United States" for selected O365 services.
https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/15621381-block-logins-from-other-countries

Cliff Galiher commented:
Cloud App Security works fine in a hybrid scenario. An Azure AD Premium P2 plan with Identity Protection configured is also an option.

Vasil Michev (MVP) commented:
Conditional Access Policies in Azure AD can be used to restrict login based on IP, or you can set up AD FS federation and have the same configured on-premises. Or you can just use them to enforce MFA when logging in outside of the corporate network.

btan (Exec Consultant) commented:
For author advice.

btan (Exec Consultant) commented:
No other inputs received

Question has a verified solution.
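
The Conditional Access approach from Vasil Michev's answer, sketched as an added example (not code posted by anyone in this thread). It assumes the Microsoft Graph PowerShell module; the display names, the `US` country code, the CIDR range, the break-glass account ID and the `New-LocationPolicy` helper are placeholders or hypothetical names chosen for illustration.

```powershell
# Added example. Requires the Microsoft.Graph module; Conditional Access needs Azure AD Premium.
# Display names, country code, CIDR range and account ID below are placeholders.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Placeholder: object ID of an emergency-access account that must never be locked out.
$breakGlassId = '00000000-0000-0000-0000-000000000000'

# Named location 1: countries users are expected to sign in from.
$allowed = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Allowed sign-in countries'
    countriesAndRegions               = @('US')
    includeUnknownCountriesAndRegions = $false
}

# Named location 2: corporate egress range (203.0.113.0/24 is a documentation range).
$corp = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Corporate network'
    isTrusted     = $true
    ipRanges      = @(@{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = '203.0.113.0/24' })
}

# Hypothetical helper: applies $Control to Office 365 sign-ins from every
# location except the excluded named location.
function New-LocationPolicy ($Name, $ExcludedLocationId, $Control) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter @{
        displayName   = $Name
        state         = 'enabledForReportOnly'   # log only; nothing is enforced yet
        conditions    = @{
            clientAppTypes = @('all')
            users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
            applications   = @{ includeApplications = @('Office365') }
            locations      = @{ includeLocations = @('All'); excludeLocations = @($ExcludedLocationId) }
        }
        grantControls = @{ operator = 'OR'; builtInControls = @($Control) }
    }
}

# Policy A: block Office 365 sign-ins from outside the allowed countries.
New-LocationPolicy 'Block O365 outside allowed countries' $allowed.Id 'block'
# Policy B: require MFA whenever the sign-in comes from outside the corporate range.
New-LocationPolicy 'Require MFA outside corporate network' $corp.Id 'mfa'
```

Both policies are created in report-only state, so their effect can be reviewed in the Azure AD sign-in logs before `state` is changed to `enabled`.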
