创建策略以禁止员工下班后访问电子邮件. [英] Creating Policy to disallow employees to access email after hours.
问题描述
我们混合使用Azure,Intune和O365来管理用户.我希望它允许没有加班时间的用户通过我们的BYOD程序访问他们的电子邮件.问题是我需要阻止他们在下班后不确定访问电子邮件的时间 怎么做.
We use a mixture of Azure, Intune, and O365 to administer our users. I'd like it to allow users (who do not have overtime) to access their emails through our BYOD program. The problem is that I need to keep them from accessing email after hours and unsure how to do so.
通过联系Azure支持(通过Twitter),他们向我提供了有关限制租户对SasS云应用程序访问的文章.在文章中,该文章指出,拥有O365订阅的任何人都应该可以使用此功能,但是在 Azure应用程序,它要求您具有适用于Azure的Premium P2套件.不确定采取哪种最佳路线,我愿意提出任何建议!
Through contacting Azure support (via Twitter) they supplied me with an article on restricting tenant access to SasS cloud applications. In the article, it says that anyone with an O365 subscription should be able to use this feature, but when inside the Azure application, it requests that you have the Premium P2 suite for Azure. Not sure what the best route to take and I'm willing to take any suggestions!
谢谢!
-CodeNeedsCoffee
- CodeNeedsCoffee
推荐答案
在O365中,没有简单的方法(或几乎任何方法)来实现这一目标.租户限制仅在您可以控制出口点时才起作用,而对于家用或移动设备则无能为力.
There is no easy (or practically any) method to achieve this in O365. Tenant restrictions only work when you can control the egress point, which is not something you can do for home or mobile devices.
例如,条件访问允许您基于IP设置限制,但是您不能基于时间强制执行限制.嗯,从技术上讲,您可以按计划启用/停用它们,但是,一旦用户通过身份验证,他就可以继续使用该服务, 除非您还开始弄乱令牌的生命周期...然后它会变得非常混乱.
Conditional access allows you to set up restrictions based on IP for example, but you cannot enforce them based on the time. Well, technically you can enable/disable them on a schedule, however once the user has authenticated he can continue using the service, unless you also start messing with the token lifetimes... and then it gets real messy.
这篇关于创建策略以禁止员工下班后访问电子邮件.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
