In an ADFS 3.0 scenario with Office365, I set an ADFS rule that allows Outlook access to Office365 only from certain public IP addresses. In Skype for Business versions up to 16.0.4498.1000, the application is affected by this strange problem: when a
user of the organization uses skype4b outside of the addresses defined in the ADFS rules, the user logs on to the application and goes online (so Skype is usable), but an annoying pop-up appears continuously asking for credentials. On closer analysis, Skype also tries
to use MAPI for the calendar, which is clearly blocked by the rule defined below. How can I improve the current rule in production by inserting a condition that implicitly allows skype4b?
exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"])
&& exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application", Value =~ "Microsoft.Exchange.SMTP|Microsoft.Exchange.Pop|Microsoft.Exchange.Imap|Microsoft.Exchange.PopImap|Microsoft.Exchange.Mapi|Microsoft.Exchange.RPC|Microsoft.Exchange.Nspi|Microsoft.Exchange.OfflineAddressBook"])
&& NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip", Value =~ "LIST IP ALLOW"])
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");
Thanks
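
Added example, not part of the original post: a small Python model of the deny rule above, showing which requests it rejects, including a MAPI request from outside the allowed addresses. The allowed-IP pattern, the sample addresses and the proxy name are constructed; `evaluate`, `exists` and `request` are hypothetical helper names.

```python
import re

CTX = "http://schemas.microsoft.com/2012/01/requestcontext/claims/"
DENY = ("http://schemas.microsoft.com/authorization/claims/deny", "true")

# Client-application pattern copied from the rule in the post.
BLOCKED_APPS = ("Microsoft.Exchange.SMTP|Microsoft.Exchange.Pop|Microsoft.Exchange.Imap|"
                "Microsoft.Exchange.PopImap|Microsoft.Exchange.Mapi|Microsoft.Exchange.RPC|"
                "Microsoft.Exchange.Nspi|Microsoft.Exchange.OfflineAddressBook")
# Constructed stand-in for the post's "LIST IP ALLOW" placeholder (documentation range).
ALLOWED_IPS = r"\b203\.0\.113\.(10|11)\b"


def exists(claims, claim_type, pattern=None):
    """Mimic exists([Type == ..., Value =~ ...]): true if any claim matches."""
    return any(t == CTX + claim_type and (pattern is None or re.search(pattern, v))
               for t, v in claims)


def evaluate(claims):
    """Return the deny claim when all three conditions of the rule hold, else None."""
    if (exists(claims, "x-ms-proxy")
            and exists(claims, "x-ms-client-application", BLOCKED_APPS)
            and not exists(claims, "x-ms-forwarded-client-ip", ALLOWED_IPS)):
        return DENY
    return None


def request(app, ip, via_proxy=True):
    """Build constructed request-context claims for one sign-in attempt."""
    claims = [(CTX + "x-ms-client-application", app),
              (CTX + "x-ms-forwarded-client-ip", ip)]
    if via_proxy:
        claims.append((CTX + "x-ms-proxy", "wap01"))  # constructed proxy name
    return claims


if __name__ == "__main__":
    for app, ip in [("Microsoft.Exchange.Mapi", "198.51.100.7"),
                    ("Microsoft.Exchange.Mapi", "203.0.113.10"),
                    ("Microsoft.Exchange.ActiveSync", "198.51.100.7"),
                    ("Microsoft.Exchange.Mapi", "203.0.113.110")]:
        verdict = "deny" if evaluate(request(app, ip)) else "permit"
        print(f"{app:32} {ip:15} {verdict}")
```

The model decides only on the client-application and forwarded-IP claims, so any MAPI request from outside the allowed list is denied regardless of which desktop program sent it.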