About Office 365 sign on policies
Office 365 sign on policies in Okta add an extra layer of security to your org-level sign on policies. Sign on policies allow you to restrict access to your apps based on end-user's network location, originating IP address, group membership, and ability to satisfy multifactor authentication (MFA) challenges. With sign on policies specific to the Office 365 app, you can extend the reach of these restrictions for the following client types that access Office 365 services:
- Web browsers
- Modern authentication clients
- Exchange ActiveSync clients
- Modern authentication supported mobile apps such as iOS or Android
Okta uses host headers sent from the client and the Office 365 service to make access decisions based on the policies that you've configured. Okta determines the client type by reading the request header. The client, which writes the header, is responsible for its accuracy. You can inspect the headers in the System Log.