[Webinar] Streamline your web hosting managementRegister Today

x
?

Office 365 Security (foreign access)

Posted on 2018-02-08
3
Medium Priority
?
29 Views
Last Modified: 2018-02-12
If your in Office 365, Hybrid environment, 10’000 users, is there a way to block access to Exchange Online email/other services from other countries?

We are seeing an large increase in compromised accounts so once the malicious party has the credentials, they log into OWA and send out hundreds of malicious emails, which don’t get scanned as they are considered internal to exchange online. From what I’ve been told.

I know the answer is turn on MFA, which I plan on doing in the near future, but I’m curious as to what other steps can be taken to block or stop these issues almost on a daily basis.

I know I can set cloud app security policies to alert and suspend a user and require the user to log on again, but since were hybrid, with AD on prem, I feel like those features don’t work.

Looking for ideas to better secure external access to online services.

Thanks team...
0
Comment
Question by:Christian Hans
3 Comments
 
LVL 66

Expert Comment

by:btan
ID: 42463125
Not a built in feature for geolocation blocking, but have some good discussion here
as we keep getting compromised accounts from IPs in Lagos, Nigeria.

The one thing I have done though was looks up a list of all IP address blocks used by said country, and created a policy.

Office 365 Cloud App Security > Control > Policies > Create activity policy > Add "Risky IP Addresses" and then under Governance > Enable Suspend User and > Enable Require User to sign in again.

I have created a similar policy to notify me of all "Logons Outside the United States" for selected O365 services.
https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/15621381-block-logins-from-other-countries
0
 
LVL 61

Expert Comment

by:Cliff Galiher
ID: 42463131
Cloud app security works fine in a hybrid scenario. An azure AD premium p2 plan with identity protection configured is also an option.
0
 
LVL 45

Expert Comment

by:Vasil Michev (MVP)
ID: 42463358
Conditional Access Policies in Azure AD can be used to restrict login based on IP, or you can setup AD FS federation and have the same configured on-premises. Or you can just use them to enforce MFA when logging in outside of the corporate network.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Join & Write a Comment

It's not just another paperwork submission. Serious planning and rigour to managing the whole thought processes need to be put in place. The intent is not on drilling into the details, but to share tips in getting the first thing right to kick-start…
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
The video provides a quick and easy steps to migrate MBOX file to well known Outlook PST and Office 365. Besides this, it also supports and migrates more than 20 email clients of MBOX which include AppleMail, Opera, Thunderbird and SeaMonkey effortl…

640 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question