Conditional Access: Block access by location

With the location condition in Conditional Access, you can control access to your cloud apps based on the network location of a user. The location condition is commonly used to block access from countries/regions where your organization knows traffic should not come from.

Define locations

  1. Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
  2. Browse to Azure Active Directory > Security > Conditional Access > Named locations.
  3. Choose New location.
  4. Give your location a name.
  5. Choose IP ranges if you know the specific externally accessible IPv4 address ranges that make up that location or Countries/Regions.
    1. Provide the IP ranges or select the Countries/Regions for the location you are specifying.
      • If you choose Countries/Regions, you can optionally choose to include unknown areas.
  6. Choose Save

More information about the location condition in Conditional Access can be found in the article, What is the location condition in Azure Active Directory Conditional Access

Create a Conditional Access policy

  1. Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
  2. Browse to Azure Active Directory > Security > Conditional Access.
  3. Select New policy.
  4. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
  5. Under Assignments, select Users and groups
    1. Under Include, select All users.
  6. Under Cloud apps or actions > Include, and select All cloud apps.
  7. Under Conditions > Location.
    1. Set Configure to Yes
    2. Under Include, select Selected locations
    3. Select the blocked location you created for your organization.
    4. Click Select.
  8. Under Access controls > select Block Access, and select Select.
  9. Confirm your settings and set Enable policy to On.
  10. Select Create to create Conditional Access Policy.

Next steps

Conditional Access common policies

Determine impact using Conditional Access report-only mode

Simulate sign in behavior using the Conditional Access What If tool