APM as IdP for Office 365, with IP filtering
We are investigating our options in how to best secure an Office 365 tenant against unlimited access to mailboxes, etc., from unsecured devices.
Since the device management extensions are not available in the legacy Outlook protocols, we probably need to use IP filtering and restrict access to these interfaces to our corporate IP ranges.
And since IP filtering is not a part of the service, we need to use the "ADFS hack" that seems to be the common practice.
However, if possible we would like to avoid the actual product ADFS and instead use the built-in IdP in F5 APM to do the necessary checking. This builds no extra infrastructure and reduces solution complexity.
But this is only possible if F5 APM is able to see, and inspect, the X-MS headers supplied by Microsoft's service. Specifically we need to check the x-ms-forwarded-client-ip and x-ms-client-application claims.
Is this possible using only F5 APM? And are there any customer examples of companies doing something similar?
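The check described in the post, written out as a decision function over the two headers. This is an added example, not part of the original post and not an APM configuration; the corporate ranges, the comma-separated form of the IP header, the sample application name and the fail-closed handling of a missing or malformed value are assumptions.

```python
import ipaddress

# Constructed values: documentation ranges stand in for the corporate egress ranges.
CORPORATE_RANGES = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.16/28")]

def decide(headers):
    """Return 'allow', 'deny' or 'not_applicable' for one authentication request."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if not h.get("x-ms-client-application"):
        # Assumption: without this header the request is not a legacy-protocol
        # logon relayed by the service, so this filter does not apply to it.
        return "not_applicable"
    raw = h.get("x-ms-forwarded-client-ip", "")
    if not raw:
        return "deny"  # fail closed: legacy client but no address to check
    try:
        # Assumption: the value may list several addresses separated by commas.
        addrs = [ipaddress.ip_address(p.strip()) for p in raw.split(",")]
    except ValueError:
        return "deny"  # malformed value is treated as untrusted
    # Every listed address must fall inside a corporate range.
    inside = all(any(a in net for net in CORPORATE_RANGES) for a in addrs)
    return "allow" if inside else "deny"

# Constructed sample requests (header values are illustrative).
SAMPLES = [
    {"X-MS-Client-Application": "Microsoft.Exchange.ActiveSync",
     "X-MS-Forwarded-Client-IP": "203.0.113.25"},
    {"X-MS-Client-Application": "Microsoft.Exchange.ActiveSync",
     "X-MS-Forwarded-Client-IP": "203.0.113.25, 192.0.2.44"},
    {"X-MS-Client-Application": "Microsoft.Exchange.ActiveSync"},
    {"User-Agent": "browser"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decide(sample), sample)
```

The decision is only as trustworthy as the headers: it assumes they can be set only by the service relaying the logon, which has to be enforced where the request enters the IdP.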