2012 R2 Web应用程序代理 - 阻止某些用户 [英] 2012 R2 Web Application Proxy - Block Some Users

问题描述

我们在2012 R2上运行ADFS。我们还在ADFS前面的2012 R2上安装了Web App Proxy。我们目前只在Office 365中使用它。

We have ADFS running on 2012 R2. We also have Web App Proxy on 2012 R2 in front of ADFS. We currently only use this with Office 365.

我需要在办公室外部阻止Office 365中的某些用户。我可以使用Web App Proxy执行此操作吗？它似乎是阻止用户在外部访问O365的最佳位置。

I have a need to block some users from Office 365 when they are external to the office. Can I do this with Web App Proxy? It would appear to be the best place to block users from accessing O365 when external.

谢谢，

保罗

推荐答案

嗨Paul，

您可以通过使用组合阻止访问来为被动应用程序（例如OWA，SharePoint Online）执行此操作声明检查，根据标准是否通过WAP发出请求，用户是否是给定组的成员等，
并在声明中使用该信息随后阻止用户通过拒绝授权规则。但是，由于Office 365作为套件在ADFS中表示为单个依赖方，因此存在限制。

You can do this for passive applications (e.g. OWA, SharePoint Online) by blocking access using a combination of claims checking, based on criteria whether the request is coming through the WAP, whether the user is the member of a given group etc, and use that information in claims to subsequently to block the user by a deny authorization rule. There are limits, however, as Office 365 as a suite is represented as a single relying party in ADFS.

对于活动客户端（如Outlook / EAS），这更加困难，因为请求总是在办公室外面。但是，可以进行适度的锁定。有一篇关于
Technet 的文章，关于配置/使用ADFS锁定Office 365 ..

For Active clients such as Outlook/EAS, this is more difficult, as the request will always be external to the office. However, a moderate amount of lockdown is possible. There's an article on Technet about configuring/locking down Office 365 with ADFS..

这篇关于2012 R2 Web应用程序代理 - 阻止某些用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！