When you migrate from CRM On Premise to CRM Online you immediately get put into the world of access to CRM anywhere via the Internet. If your organization’s philosophy up to that point had been to only allow access to CRM from behind your corporate firewall then you need to do a little more work.
The technet article – Limiting Access to Office 365 Services Based on the Location of the Client gives you a path to mirroring the same access control to CRM as you had when you were on premise. By federating and using the features of your identity provider to block access to the authentication you will limit the points of access.
Our thanks to Marc Schweigert on the MS CRM Product Team for sharing this suggestion with us as a followup to Tip #599