Requirement - Want to access email on Maas 360 enabled devices.

 

Issue encountered – as users are part of <g class="gr_ gr_21 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" id="21" data-gr-id="21">selective</g> restricted group they are not allowed to access emails on Maas 360 platform.

 

Why these users cannot be moved out of the restricted security group – access of webmail/ OWA at O365 is allowed for selective set of users through controlled policy, allowing them to access only from allowed corporate network, for the same I have defined a claim rule at ADFS level mapping them with the restricted security group and binding them with an access to allowed corporate network.

 

As I move the user out of this group he will be able to access OWA/Webmail of O365 without any kind of restriction defeating the basic purpose.

 

My ask/recommendation is the list of IP Segment of Maas 360 connectivity establishment so as same can be mapped with my ADFS rule, known Maas360 IP Zones.

------------------------------
Thanks and Regards,
Shivam Vaish
------------------------------

Hi Shivam
You might want to use a reverse proxy so that all ActiveSync communication will have to pass through your company network. You can then map the reverse proxy appliance with your ADFS rule.
If needed MaaS360 can make available a reverse proxy for you, called Email Access Gateway.
The EAG installation guide is available here.
Best regards,
Eric Bos

------------------------------
Eric Bos
------------------------------

Original Message:
Sent: 02-20-2019 02:30 AM
From: Shivam Vaish
Subject: MDM access for O365 users

Requirement - Want to access email on Maas 360 enabled devices.

 

Issue encountered – as users are part of restricted group they are not allowed to access emails on Maas 360 platform.

 

Why these users cannot be moved out of the restricted security group – access of webmail/ OWA at O365 is allowed for selective set of users through controlled policy, allowing them to access only from allowed corporate network, for the same I have defined a claim rule at ADFS level mapping them with the restricted security group and binding them with an access to allowed corporate network.

 

As I move the user out of this group he will be able to access OWA/Webmail of O365 without any kind of restriction defeating the basic purpose.

 

My ask/recommendation is the list of IP Segment of Maas 360 connectivity establishment so as same can be mapped with my ADFS rule, known Maas360 IP Zones.

------------------------------
Thanks and Regards,
Shivam Vaish
------------------------------