question

JayDill-2775 avatar image
0 Votes"
JayDill-2775 asked JayDill-2775 commented

How can I set Conditional Access by IP address without mfa enabled?

We have an email account that should only be accessed by users in the building- How can we restrict login by IP to an account without MFA

azure-ad-conditional-access
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered JayDill-2775 commented

Hi @JayDill-2775 • Thank you for reaching out. For this purpose, please configure Conditional Access as mentioned below:

1 . Azure AD > Security > Named locations > +IP ranges location > Assign a name and add public IP subnet or address that represents the public IP of the building.
2 . Create a Conditional Access Policy with below settings:
- Add user account (the email account is configured for).
- Under Cloud apps or actions, add Office 365 Exchange Online.
- Under Conditions > Locations > Include Any location and exclude the location created in step 1.
- Under Grant > Block access.
3 . Set Enable Policy to ON and create the policy.

With above settings, conditional access will block sign-in for the specified account from all locations except the location (trusted building) excluded from the policy and MFA won't be required.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JayDill-2775 • Have you had a chance to test it out?

0 Votes 0 ·

Currently away, but look forward to trying first thing Tuesday- thank you for your help and will let you know soon how I fare.

0 Votes 0 ·