Recently, I was asked for possible solutions to enforce VPN connection to access Office 365. This seems odd at first, for this is against one of the tenets of Office 365, accessing service from anywhere and on any device. But then there is always a certain use case that needs to be addressed. In this case, the customer had deployed Office 365 and federated using ADFS, a textbook deployment with 2 ADFS server farm, and 2 WAPs in the DMZ. Within the Microsoft 365 world, Intune and Conditional access would enable for enforcing policies. However, that will also require the customer to acquire additional licenses beyond O365 E3, which my customer did not want to do. I compiled some of the possibilities with ADFS to enforce VPN connectivity. Although I do not recommend anyone to bypass the features, I want to share this out to get some feedback from the community, to see if this is such a common scenario, or if anyone implemented any of these or other cost-effective solutions...
Comments
Post a Comment