Enhance the Security of your O365 Implementation
Published: Jul 28, 2017   -   Updated: Jul 18, 2018
Current Release Status: GA (June 2017)
Watch the exciting video below to learn how you can use Okta's Office 365 sign-on policies to help you enhance the overall security of your Office 365 Implementation.

Feature Highlights

Okta's O365 sign-on policies enable you to:
  1. Leverage Okta’s policy framework to build rules and controls around how specific clients access the Office 365 service, without having to create complex claim rules, expressions, or PowerShell.
  2. Configure a set of policies that allows users inside your network to sign in without the need for MFA on any client.
  3. Allow users to access Office 365 from outside the network, as long as they have performed MFA.

Best Practices
Here are some of the best practices when configuring Client Access Policies: 
  1. Keep in mind that Okta evaluates all rules created by an Okta admin based on rule priority, starting from Priority 1 to the final rule. If a user does not fall within the scope of a rule, they will be subject to the ‘Default sign on rule’, which allows access to Office 365 services.
  2. If you need to configure multiple Network Locations Zones, you’ll need Okta’s Adaptive MFA SKU.
  3. Also, remember that Exchange ActiveSync does not support MFA prompts (for example, the Exchange ActiveSync client on iOS), so you’ll want to decide whether or not you would like to allow users access to Exchange ActiveSync.
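
The priority ordering and default-rule fallthrough described above can be checked on paper before a policy goes live. The following is an added example, not Okta's code or API: it is a simplified first-match model in which the rule fields, client labels (`web`, `modern_auth`, `eas`) and action names are assumptions chosen for illustration. It enumerates every client and location combination and reports the ones that land on the default allow rule or that require MFA from Exchange ActiveSync.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified model of the evaluation order described above; field names and
# client labels are assumptions for illustration, not Okta's schema or API.
@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    clients: frozenset          # e.g. {"web", "modern_auth", "eas"}
    in_network: Optional[bool]  # True/False, or None for "anywhere"
    action: str                 # "allow", "allow_with_mfa" or "deny"

DEFAULT = Rule("Default sign on rule", 10**6,
               frozenset({"web", "modern_auth", "eas"}), None, "allow")

def evaluate(rules, client, in_network):
    """Return the first rule, in priority order, whose scope covers the request."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if client in rule.clients and rule.in_network in (None, in_network):
            return rule
    return DEFAULT  # nothing matched: the default rule allows access

def audit(rules):
    """List every client/location pair with an outcome worth reviewing."""
    findings = []
    for client in ("web", "modern_auth", "eas"):
        for in_network in (True, False):
            hit = evaluate(rules, client, in_network)
            where = "in-network" if in_network else "off-network"
            if hit is DEFAULT:
                findings.append(f"{client} {where}: falls through to default allow")
            elif client == "eas" and hit.action == "allow_with_mfa":
                findings.append(f"{client} {where}: '{hit.name}' needs MFA, "
                                "but the client cannot prompt")
    return findings

# Constructed sample policy mirroring the feature highlights.
SAMPLE = [
    Rule("In-network, no MFA", 1, frozenset({"web", "modern_auth", "eas"}), True, "allow"),
    Rule("Off-network, MFA", 2, frozenset({"web", "modern_auth"}), False, "allow_with_mfa"),
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

With the constructed sample policy, the only finding is that Exchange ActiveSync from outside the network matches no rule and is allowed by the default rule without MFA, which is the decision the third best practice asks you to make explicitly.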

Here are some links to resources that will help you understand more about Client Access Policies
Q: Is this feature available for Android devices?
A: This feature is currently available for iOS devices only.

Q: What should I do if a user has already configured an email profile prior to enrolling in OMM?
A: Because there have been a few issues associated with this, we recommend that your end users delete the manually configured profile from their device.