Today’s (Cloud) Tip… Limiting access to Office 365 based on the location of the client

AD FS has a feature for Office 365 customers named Client Access Policy. Some organizations may want to create policies that limit access to Office 365 services, depending on where the client resides. For example, you might want to:

  • Block all extranet client access to Office 365
  • Block all extranet client access to Office 365, except for devices accessing Exchange Online for Exchange Active Sync

AD FS provides a way for organizations to configure these types of policies. Office 365 customers using identity federation who require these policies can now use client access policy rules to restrict access based on the location of the computer or device that is making the request.

The Client Access Policy Builder is a way to automate the creation of these rules for the most common use case scenarios. 

It allows the user to select one of five supported Client Access Policy scenarios:

  1. Block all external access to Office 365
  2. Block all external access to Office 365 except Exchange ActiveSync
  3. Block all external access to Office 365 except for browser-based applications such as Outlook Web Access or SharePoint Online
  4. Block all external access to Office 365 for members of designated Active Directory groups
  5. Block only external Outlook clients

You can download the Client Access Policy Builder at http://gallery.technet.microsoft.com/office/Client-Access-Policy-30be8ae2.