Enrolled Win10 device ADFS/SharePoint access

  • Question

  • Hi All,

    Hope this is the correct area to raise this but technically covers 3 areas.

    We have ADFS 3.0 configured for SSO to only allow access to Office 365 on trusted IPs or Exchange ActiveSync for email.

    I'm testing a Windows 10 device. Enrolled it into company and all standard Intune policies have applied.

    However I'm now able to access SharePoint online which should be blocked as I'm not on a trusted IP.

    Is this Intune trusting the device and allowing SSO or ADFS?

    What do I need to configure to not allow this access unless on the trusted IP?

    Thanks in Advance

    Gareth

    Sunday, April 10, 2016 1:44 PM

Answers

  • Hi,

    Intune has no policies to control from which IP Address any access is coming. This is strictly a function of ADFS 3.0 and as such not supported directly by Intune Technical Support.

    The relevant article to configure access control in ADFS 3.0 is here under Scenario 2:

    https://technet.microsoft.com/en-us/library/dn592182.aspx

    Should you require further support for ADFS 3.0, please contact your ADFS Support channel with a direct support request.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 14, 2016 1:51 AM
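
A model of the decision the policy in this thread is meant to make (deny external requests unless they come from a trusted IP or are Exchange ActiveSync), added here as an example; it is not code from the thread or from Microsoft. The request fields, the 203.0.113.0-63 trusted range and both regexes are assumptions, and the IP comparison is modelled as a partial regex match, which is why the unanchored pattern lets a lookalike address through.

```python
import re

ACTIVESYNC = "Microsoft.Exchange.ActiveSync"

# Assumed trusted egress range 203.0.113.0-203.0.113.63 (documentation addresses).
LOOSE_REGEX = r"203.0.113.([0-9]|[1-5][0-9]|6[0-3])"        # unescaped dots, no anchors
STRICT_REGEX = r"^203\.0\.113\.([0-9]|[1-5][0-9]|6[0-3])$"  # escaped and anchored


def decide(request, trusted_ip_regex):
    """Return 'permit' or 'deny' for one constructed sign-in request."""
    if not request["external"]:
        return "permit"  # request did not arrive from outside the network
    if request["client_app"] == ACTIVESYNC:
        return "permit"  # the one protocol allowed from any address
    # Partial-match semantics: the pattern may match anywhere in the value.
    if re.search(trusted_ip_regex, request["client_ip"]):
        return "permit"
    return "deny"


# Constructed sample requests, not captured traffic.
REQUESTS = {
    "office_browser": {
        "external": False, "client_app": "", "client_ip": "10.0.0.15"},
    "trusted_ip_browser": {
        "external": True, "client_app": "", "client_ip": "203.0.113.20"},
    "home_win10_sharepoint": {
        "external": True, "client_app": "", "client_ip": "198.51.100.7"},
    "home_activesync": {
        "external": True, "client_app": ACTIVESYNC, "client_ip": "198.51.100.7"},
    "lookalike_ip_browser": {
        "external": True, "client_app": "", "client_ip": "203.0.113.200"},
}


def evaluate(trusted_ip_regex):
    """Apply the policy model to every sample request."""
    return {name: decide(req, trusted_ip_regex) for name, req in REQUESTS.items()}


if __name__ == "__main__":
    for label, regex in (("loose", LOOSE_REGEX), ("strict", STRICT_REGEX)):
        print(label, evaluate(regex))
```

Running candidate patterns through a table of expected permit/deny outcomes like this catches an over-matching regex before it goes into an AD FS rule.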

All replies

  • Hello Gareth,

    Have you created some claim rules? 

    Office 365 customers using Single Sign-On (SSO) who require these policies can now use client access policy rules to restrict access based on the location of the computer or device that is making the request.

    https://technet.microsoft.com/en-us/library/hh526961%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396


    Nick Pilon | Blog : System Center Dudes

    Sunday, April 10, 2016 2:11 PM