Some organizations may want to create policies that limit access to Microsoft ® Office 365 services, depending on where the client resides. For example, you might want to:
Active Directory Federation Services (AD FS) 2.0 provides a way for organizations to configure these types of policies. Office 365 customers using Single Sign-On (SSO) who require these policies can now use client access policy rules to restrict access based on the location of the computer or device that is making the request. Customers using Microsoft Online Services cloud IDs cannot implement these restrictions at this time.
You can use an AD FS 2.0 federation server proxy or a third-party proxy to forward requests from clients residing outside the corporate network to the internal Federation Service.