Link to home
Create AccountLog in
Avatar of Zoldy2000
Zoldy2000Flag for Canada

asked on

How to limit a domain account in hybrid office 365 deployment to only office 365 logon

How to limit a domain account in hybrid office 365 deployment to only office 365 logon.    No local domain access or logon privileges.

User existed already and used to have local domain privileges and logon rights.

User now is remote and permanently only requires access to his office 365 email.      We want to remove all domain privileges and logon rights.      Is there an easy way to accomplish this as some rights may be explicit.

For example can we deny all logons accept office 365?
Avatar of Vasil Michev (MVP)
Vasil Michev (MVP)
Flag of Bulgaria image

How are your users authenticating against O365? Generally speaking, they dont need any local rights to work with O365 services. You can even disable the account, unless you are using AD FS/PTA or any other form of authentication that relies on the on-premises AD.
Avatar of Zoldy2000


We are in a hybrid setup and using AD sync to authenticate
If just using hash sync, the authentication for O365 isn't relying on windows active directory.
Our Office 365 accounts are authenticating using our Active Directory that I know for sure.    i want to keep this while limiting this account.
Avatar of Justin Hannah
Justin Hannah
Flag of Australia image

Link to home
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Restricting the logon is exactly what I was looking for.   I simply restricted logons to a non existing computer name.