Your company has an Office 365 subscription that is configured for single sign-on (SSO) to an on-premises deployment of Active Directory.
After a security breach, management at the company decides that only clients from the internal corporate network can be authenticated by using Active Directory Federation Services (AD FS).
You need to configure AD FS to prevent external clients from being authenticated by using AD FS.
What should you add in AD FS? or deny claims that will determine whether a user or a group of users will be allowed to access AD FS-secured resources or not. Authorization rules can only be set on relying party trusts. So you need to add a relying party trust to AD FS. conditional-access-control
A.
a claims provider trust
B.
a relying party trust
C.
a claim rule
D.
a non-claims-aware relying party trust
Explanation:
Access control in AD FS is implemented with issuance authorization claim rules that are used to issue a permit
References: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-risk-with-