locked
CRM Online - Claims Policy RRS feed

  • Question

  • I would like to protect my CRM online instances from anyone that it not using a company device or coming from a company LAN address.

    We are federated and currently use ADFS

    Would this be possible.?

    Can this be done with ADFS Claims Policies.?

    Thanks Paul

    Monday, January 25, 2016 3:40 PM

Answers

  • Yes but you also need to do some work on the ADFS infrastructure as well.

    If you are just looking for IP addresses or blocking the access depending on the IP address of the client, you can use the Authorization rules. You have some examples here: https://technet.microsoft.com/en-us/library/dn592182.aspx (it is for Office 365 but the concept is the same for any relying party trusts).

    If you are looking at devices, you can also limit the access to the devices which are registered. In that case you would use the Workplace Join feature and that would require you to configure and deploy the Device Registration Service. See here for details: Configure a federation server with Device Registration Service https://technet.microsoft.com/library/dn486831.aspx


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, January 25, 2016 3:59 PM

All replies

  • Yes but you also need to do some work on the ADFS infrastructure as well.

    If you are just looking for IP addresses or blocking the access depending on the IP address of the client, you can use the Authorization rules. You have some examples here: https://technet.microsoft.com/en-us/library/dn592182.aspx (it is for Office 365 but the concept is the same for any relying party trusts).

    If you are looking at devices, you can also limit the access to the devices which are registered. In that case you would use the Workplace Join feature and that would require you to configure and deploy the Device Registration Service. See here for details: Configure a federation server with Device Registration Service https://technet.microsoft.com/library/dn486831.aspx


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, January 25, 2016 3:59 PM
  • Hi Pierre,

    Thank you very much for you help, I will look through these options and let you know if I have any further questions.

    Many Thanks Paul

    Monday, January 25, 2016 4:48 PM
  • Would this imply that these two methods could be used together.

    From what I can tell it appears that if I do IP blocking then the Mobile devices will stop working anyway.?

    Regards Paul

    Wednesday, January 27, 2016 1:00 PM