none
The new "Client Acccess Rule" introduced in Exchange online is not working properly

    Question

  • Hi,

    I am trying to achieve a scenario where I have 30 users on Exchange online. I would like to enable access to Exchange online to these users only through OWA. So, I have disabled all other protocols for the users under the mailbox settings.

    My next requirement is to restrict these users from accessing Exchange online from any network apart from the internal network. To achieve this I have run the following script

    New-ClientAccessRule -name BlockOwA -Action DenyAccess -AnyOfProtocols OutlookWebApp -ExceptAnyOfClientIPAddressesOrRanges XX.XX.XX.XX

    XX.XX.XX.XX is my public IP address (Egress IP).

    The rule works well with blocking access to everyone. In fact, too well and it blocks my internal access as well. On the portal, I can see the "Sign-In" logs to verify the request is going out from the Ip address I have set the exception. However, every time I have tried to access, I get the same message "Access to Outlook on the web has been blocked by your organization."

    I don't see any more information related to this new feature. Has anyone does this and was successful in achieving what I am trying here? Any help is much appreciated.

    Thank you,

    Santosh

    Friday, June 01, 2018 2:41 PM

All replies

  • Hi Santosh,

    Have you configure multiple client access rules in your environment, and its priority?
    Run Get-ClientAccessRule to check.

    Please note how rules are evaluated: The first rule is applied, and subsequent rules are ignored.
    Thus, please increase the priority of your "BlockOwA".

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, June 04, 2018 10:06 AM
    Moderator
  • Hi,

    Any further help we can do for you?
    If it's solved, would you please post the solution here to share it with us? Thanks.
    Also, please free to mark the useful reply as answer. Thanks for your cooperation.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, June 15, 2018 1:44 AM
    Moderator