Securing Office 365 with APM as IdP

Question

I'm evaluating using APM as a SAML identity provider for Office 365, but I'm struggling to find ways to effectively secure access as per my specification.&nbsp;
Windows/ Mac OS, only permit corporate devices.&nbsp;
Mobile, only permit via MDM solution (TBC).&nbsp;
I have implemented device based certificate checks with OCSP, which although a little clunky (cert checker service deployed via GPO) works well on Windows. On Mac OS I have the same check working for administrators in Safari; although the Office 2016 clients, I'm guessing implement a cut down browser for modern authentication redirection which seemingly doesn't support plug-ins.&nbsp;
User certificates don't seem appropriate here as it's the device I'm looking to validate, not the user. I considered whether anything could be done coupling user certs with client side SSO, to remove the login page, but I'm guessing failing to authenticate (on a non-corp device) with Kerberos would result in the browser prompting for credentials, allowing manual input of credentials?&nbsp;
Has anybody got any suggestions, or perhaps any examples? My current policy is getting quite complex.&nbsp;
Cheers.&nbsp;

kunjan · Answer

Probably you need a NAC like ForeScout to integrate with APM.&nbsp;

Forum Discussion

Securing Office 365 with APM as IdP

1 Reply

Recent Discussions

Issue on license renewal

Maximum throughput of f5 ltm

iRule cookie persistence and pool redirect

redirect not working

Access azure app service using f5 LTM

Related Content

Office 365 Tenant Restrictions

SSL VPN Split Tunneling and Office 365

Using ChatGPT for security and introduction of AI security

Auditing Security Policy Updates

HTTP Multipart and Security Implications