You have an Exchange Server 2013 organization that has a hybrid deployment with Microsoft Office
365. The hybrid deployment use Active Directory Federation Services (AD FS) 3.0.
You need to ensure that only Exchange ActiveSync devices are allowed to access Office 365 services
from outside of the organization.
Which two actions should you perform? Each correct answer presents part of the solution.

A.
Create a Mobile Device Mailbox Policy.

B.
Update the Office 365 Identify Platform relying party trust.

C.
Add claims rules to the Active Directory claims provider trust.

D.
Update the Office mobile device policy.

E.
Add an Active Directory Identify Platform relying party trust.

Explanation:
C: Step 1: Add claim rules to the Active Directory Claims Provider trust
Block all external access to Office 365 except Exchange ActiveSync
The following example allows access to all Office 365 applications, including Exchange Online, from
internal clients including Outlook. It blocks access from clients residing outside the corporate
network, as indicated by the client IP address, except for Exchange ActiveSync clients such as smart
phones. The rule set builds on the default Issuance Authorization rule titled Permit Access to All
Users. Use the following steps to add an Issuance Authorization rule to the Office 365 relying party
trust using the Claim Rule Wizard: (steps omitted).
B: Step 2: Update the Microsoft Office 365 Identity Platform relying party trust

Limiting Access to Office 365 Services Based on the Location of the Client
https://technet.microsoft.com/en-us/library/hh526961(v=ws.10).aspx