Allow organizations who integrate their environments with Office 365 the ability to restrict access to a domain
We needed a branding solution for our product, where we are looking to provide SAML access to the company portal where they can access Office 365 apps and our own.
As most companies have built-in security for their network that allows remote workers access based on VPN or something similar, the employee could still access the online Microsoft applications via SAML without accessing our company portal.
Even with access restricted by IP or other conditions, can another condition be placed to force access to:
Example: user = firstname.lastname@example.org (a user within lap.com who is set up in Azure)
Company: lap.com. All Microsoft business apps that use SAML are in Azure as an enterprise application.
If George Smith passes all conditions to access his apps and he logs in from a blocked domain (i.e., office.com), he will be blocked, as with any other conditional policy.
To access the Office 365 applications that are within our own personal environment, he will have to access the lap.com portal, log in with his SAML credentials and then pass the remaining conditions, and from there he will have access to his applications.