Xadean's Empirical Musing
December 01
Limiting Access to Office 365 Services Based on the Location of the Client

We encountered a client requirement to restrict access to Office 365 Exchange Online to users on the internal corporate network only. See this reference article for the specifics.

The following example of a custom claim rule will match all the addresses in the "192.168.1.0/24" and "10.1.20.0/24" ranges and block access to Office 365 for clients outside of these subnets:

exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"]) &&
NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip",
Value=~"\b192\.168\.1\.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-4]))\b|\b10\.1\.20\.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-4]))\b"])
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");
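A dropped branch in the last-octet alternation of a rule like this silently denies part of the internal subnet, so it is worth enumerating every host against the pattern before deploying it. The Python check below is an added example, not part of the original post; the function names, the faulty variant and the outside addresses are constructed for illustration, and Python's re module stands in for the regex engine AD FS uses.

```python
import re

# Last-octet alternation for host addresses .1 through .254 (assumption:
# .0 and .255 are left out as network and broadcast addresses).
FULL_OCTET = r"([1-9]|[1-9][0-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-4]))"
# Constructed faulty variant with the two-digit branch left out.
GAPPY_OCTET = r"([1-9]|1[0-9][0-9]|2([0-4][0-9]|5[0-4]))"

PREFIXES = ["192.168.1", "10.1.20"]  # the two /24 networks named in the rule

# Constructed addresses that must NOT be treated as internal.
OUTSIDE = ["192.168.2.10", "10.1.21.5", "203.0.113.7", "192.168.1.0",
           "192.168.1.255", "192.168.1.256", "1192.168.1.5"]


def build_pattern(prefixes, octet):
    """Join one \\bprefix.octet\\b alternative per /24, as the Value=~ test does."""
    return "|".join(r"\b" + re.escape(p) + r"\." + octet + r"\b" for p in prefixes)


def missed_hosts(pattern, prefixes):
    """Internal hosts (.1 to .254) the pattern fails to match, i.e. wrongly denied."""
    rx = re.compile(pattern)
    return [f"{p}.{h}" for p in prefixes for h in range(1, 255)
            if not rx.search(f"{p}.{h}")]


def wrongly_allowed(pattern, candidates):
    """Outside addresses the pattern matches, i.e. wrongly exempt from the deny."""
    rx = re.compile(pattern)
    return [ip for ip in candidates if rx.search(ip)]


if __name__ == "__main__":
    for name, octet in (("full", FULL_OCTET), ("gappy", GAPPY_OCTET)):
        pattern = build_pattern(PREFIXES, octet)
        missed = missed_hosts(pattern, PREFIXES)
        print(f"{name}: {len(missed)} internal hosts missed, "
              f"{len(wrongly_allowed(pattern, OUTSIDE))} outside hosts matched")
        if missed:
            print("  first/last missed:", missed[0], missed[-1])
```
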
