question

0 Votes
SkipHofmann-4893 asked JamesTran-MSFT answered

Conditional Access

I'm trying to create a CA policy that forces MFA for access to the Azure management portal, and the source connection must also be from the US. If I connect from outside the US, I get access. I understand why: it's because I didn't meet all of the requirements. How can I allow access, but only allow it from specific IPs?

I don't want anyone to access the Azure management portal from outside the US. I know I can set up a block rule, but then I can't use things like compliant device or force MFA.

azure-ad-conditional-access

1 Vote
SkipHofmann-4893 answered

I figured this out. Listing the steps to help anyone else with a similar issue.

Have to create two CA policies. One that blocks all locations except US. Then a second CA policy that allows from location US and forces MFA.
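The two-policy arrangement from the answer above, as an added example that is not part of the original post: the policy bodies use Microsoft Graph `conditionalAccessPolicy` field names, and a simplified evaluator (a model, not Microsoft's engine) shows why a single location-scoped MFA policy lets non-US sign-ins through. The named location ID is a placeholder, and the helper names `policy`, `applies` and `evaluate` and the sample locations are constructed for illustration.

```python
# Added example: simplified model of Conditional Access evaluation.
US = "us-named-location-id"  # placeholder: ID of the tenant's "US" named location
AZURE_MGMT = "797f4846-ba00-4fd7-ba43-dac1f8f63013"  # Windows Azure Service Management API

def policy(name, include, exclude, controls):
    """Build a policy body using Graph conditionalAccessPolicy field names."""
    return {
        "displayName": name,
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": [AZURE_MGMT]},
            "locations": {"includeLocations": include, "excludeLocations": exclude},
        },
        "grantControls": {"operator": "OR", "builtInControls": controls},
    }

# Policy 1: block every location except the US named location.
BLOCK_NON_US = policy("Block Azure management outside US", ["All"], [US], ["block"])
# Policy 2: sign-ins from the US named location must satisfy MFA.
MFA_FROM_US = policy("Require MFA for Azure management from US", [US], [], ["mfa"])

def applies(p, location):
    """A policy is in scope only when the sign-in matches its location condition."""
    loc = p["conditions"]["locations"]
    included = "All" in loc["includeLocations"] or location in loc["includeLocations"]
    return included and location not in loc["excludeLocations"]

def evaluate(policies, location, mfa_done):
    """Return 'blocked', 'mfa_required' or 'granted' for one sign-in to the app."""
    controls = [c for p in policies if applies(p, location)
                for c in p["grantControls"]["builtInControls"]]
    if "block" in controls:  # a block control from any applicable policy wins
        return "blocked"
    if "mfa" in controls and not mfa_done:
        return "mfa_required"
    return "granted"  # also the result when no policy applies at all

if __name__ == "__main__":
    # Constructed sign-ins: "elsewhere" stands for any location outside the US range.
    print(evaluate([MFA_FROM_US], "elsewhere", False))                # single policy
    print(evaluate([BLOCK_NON_US, MFA_FROM_US], "elsewhere", True))   # both policies
    print(evaluate([BLOCK_NON_US, MFA_FROM_US], US, False))
```

Before enabling a block policy like the first one, exclude an emergency access account from it and trial it with `state` set to `enabledForReportingButNotEnabled` (report-only).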


0 Votes
JamesTran-MSFT answered

@SkipHofmann-4893
Thank you for the quick follow-up on this, and I'm glad that you were able to resolve your issue!


Additional Link:
Using the location condition in a Conditional Access policy


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
