I'm looking for the best way to restrict users who can access OWA externally, while keeping internal access to OWA open to everyone. We would preferably like to control who has external access to OWA with an AD group. Users who have external access, would need both external and internal access to OWA. Internal users would only have internal access to OWA.
TMG is off the table since it is EOL. Reverse proxy might be a possibility, but I'm running into issues with the security setup and passing credentials.
Does anyone know the best way of restricting external access without disabling internal access?
Thanks