Update: Office 365 Client Access Policies are now available and fully supported in General Availability - for Office 365 customers, this is available from your Application Sign-On Policies!
Office 365 is the most widely used application in our network today. Last week we announced Early Access to our Office 365 Provisioning Enhancements and the feedback has been tremendous so far. Today, I wanted to share with you a first look at some of the new functionality we have coming to Office 365 over the next few weeks.
Our Protocol-aware Sign-On Policies will help you to enhance the overall security of your Office 365 implementation. It also lets you leverage Okta’s policy framework to build rules and controls around how specific clients access the service without complex claim rule language, regular expressions or PowerShell.
Let’s take a look.
If you’re familiar with Okta, you know that our granular policy framework allows you to configure how a user can access their digital environment. With Office 365, we have enhanced this further to allow you control sign-in behavior based on the client type as well:
Now what I can do is build granular policies to control the level of access my users have depending on the service they are using.
As an example, I could configure a set of policies that:
- Allow my users inside my network to sign-in without the need for MFA on any client
- Allows users on desktops, accessing from outside the network, to sign-in provided they have performed MFA (Provided Modern Authentication is configured on the tenant and the user is leveraging a client enabled for it)
- Allow users on mobile clients, with Exchange ActiveSync, to sign in from anywhere (without MFA), provided they have been added to a Security Group
This is just a sneak peek of what we have in the works, and we’ll be sure to provide an update over the coming weeks when this feature becomes available to test and deploy in your own organization. In the meantime, we’d love to hear your comments and feedback in this group.