Question:
How can I restrict users from logging into my DocuWare Cloud organization from outside my internal network?
Answer:
This is something that can be accomplished by utilizing Office 365 and enabling the feature "Conditional Access Policy" while using single sign-on only. This means you must force all users to log in with single sign-on.
This can be done by enabling "Enforce single sign-on user authentication for all users" from the Security tab located in the Organization Settings plugin, which can be found on the Configurations page. 
After this is enabled, you can find the steps and details needed to perform this restriction of access here: Conditional Access Policy Setup.
Once configured, users attempting to log in from outside your network will receive the following message:
KBA is applicable for Cloud Organizations ONLY.
