You have an Exchange Server 2013 organization that has a hybrid deployment with Microsoft Office 365. The
hybrid deployment use Active Directory Federation Services (AD FS) 3.0.
You need to ensure that only Exchange ActiveSync devices are allowed to access Office 365 services from
outside of the organization.
Which two actions should you perform? Each correct answer presents part of the solution.
A.
Create a Mobile Device Mailbox Policy.
B.
Update the Office 365 Identify Platform relying party trust.
C.
Add claims rules to the Active Directory claims provider trust.
D.
Update the Office mobile device policy.
E.
Add an Active Directory Identify Platform relying party trust.
Explanation:
C: Step 1: Add claim rules to the Active Directory Claims Provider trust Block all external access to Office 365
except Exchange ActiveSync
The following example allows access to all Office 365 applications, including Exchange Online, from internal
clients including Outlook. It blocks access from clients residing outside the corporate network, as indicated by
the client IP address, except for Exchange ActiveSync clients such as smart phones. The rule set builds on the
default Issuance Authorization rule titled Permit Access to All Users. Use the following steps to add an Issuance
Authorization rule to the Office 365 relying party trust using the Claim Rule Wizard: (steps omitted).
B: Step 2: Update the Microsoft Office 365 Identity Platform relying party trust
Limiting Access to Office 365 Services Based on the Location of the Client
https://technet.microsoft.com/en-us/library/hh526961(v=ws.10).aspx