An update is currently under way (scheduled to be completed by end of December) to help you better manage client access to Exchange Online.
Client Access Rule for Exchange Online can only be managed by PowerShell.
With this new capability, you can define access rules to authorize/block access based on client IP addresses, clients used, protocol or even group membership.
The client access rule is composed by 4 components:
- the condition(s) to be matched to apply the rule (see https://technet.microsoft.com/library/mt842508.aspx#CARConditionsAnExceptions for conditional details)
- the exception(s) (if any) to not apply the rule if the condition(s) is/are matched
- the actions which authorize (AllowAccess) or deny (DenyAccess) the access
- and finally the priority which defines the order of application; the lower value, the higher priority. This means the processing stops when the client match the first access rule condition
When implementing client access rules you need to keep in mind that your corporate network is not automatically set to grant access.
Complete details for implementing, managing and testing client access rule are available at https://technet.microsoft.com/en-us/library/mt842507.aspx
For example, thanks to the new access rule capability you will be able to “disable” POP and/or IMAP protocol by blocking the access instead of having to disable the protocols at the mailbox level.