We have an email account that should only be accessed by users in the building- How can we restrict login by IP to an account without MFA
We have an email account that should only be accessed by users in the building- How can we restrict login by IP to an account without MFA
Hi @JayDill-2775 • Thank you for reaching out. For this purpose, please configure Conditional Access as mentioned below:
1 . Azure AD > Security > Named locations > +IP ranges location > Assign a name and add public IP subnet or address that represents the public IP of the building.
2 . Create a Conditional Access Policy with below settings:
- Add user account (the email account is configured for).
- Under Cloud apps or actions, add Office 365 Exchange Online.
- Under Conditions > Locations > Include Any location and exclude the location created in step 1.
- Under Grant > Block access.
3 . Set Enable Policy to ON and create the policy.
With above settings, conditional access will block sign-in for the specified account from all locations except the location (trusted building) excluded from the policy and MFA won't be required.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Currently away, but look forward to trying first thing Tuesday- thank you for your help and will let you know soon how I fare.
3 people are following this question.