Current Release Status: GA (June 2017)
Watch the exciting video below to learn how you can use Okta's Office 365 sign-on policies to help you enhance the overall security of your Office 365 Implementation.
Okta's O365 sign-on policies enable you to:
Here are some of the best practices when configuring Client Access Policies:
- Leverage Okta’s policy framework to build rules and controls around how specific clients access the Office 365 service, without having to create complex claim rules, expressions, or PowerShell.
- Configure a set of policies that allows users inside your network to sign-in without the need for MFA on any client.
- Allow users to access Office 365 from outside the network, as long as they have performed MFA.
Here are some links to resources that will help you understand more about Client Access Policies
- Keep in mind that Okta evaluates all rules created by an Okta amin based on rule priority, starting from Priority 1 to the final rule. If a user does not fall within the scope of a rule, they will be subject to the ‘Default sign on rule’, which allows access to Office 365 services.
- If you need to configure multiple Network Locations Zones, you’ll need Okta’s Adaptive MFA SKU.
- Also, remember that Exchange ActiveSync does not support MFA prompts (for example, the Exchange ActiveSync client on iOS), so you’ll want to decide whether or not you would like to allow users access to Exchange ActiveSync.
Is this feature available for Android devices?A:
This feature is currently available for iOS devices only.
Q: What should I do if a user has already configured an email profile prior to enrolling in OMM?
A: Because there have been a few issues associated with this we recommend that your end users delete the manually configured profile from their device.