Restrict access with trusted IP rules

You can limit access to Customer Engagement apps to users with trusted IP addresses to reduce unauthorized access. When trusted IP address restrictions are set in a user’s profile and the user tries to log in from an untrusted IP address, access to Customer Engagement apps is blocked.


Additional security considerations

IP restriction is only enforced during user authentication. This is done by the Azure Active Directory Conditional Access capability. Customer Engagement apps sets a session timeout limit to balance protecting user data and the number of times users are prompted for their sign-in credentials. Trusted IP restriction for devices (including laptops) is not applied until the Customer Engagement apps session timeout expires.

For example, a trusted IP restriction is setup to only allow access to Customer Engagement apps when users are working from a corporate office. When a Customer Engagement apps user signs in into Customer Engagement apps using their laptop from their office and establishes a Customer Engagement apps session, the user can continue to access Customer Engagement apps after leaving the office until the Customer Engagement apps session timeout expires. This behavior also applies to mobile and offsite connections such as: Dynamics 365 for Customer Engagement apps for phones and tablets, and Dynamics 365 App for Outlook.

Create a security group (optional)

You can restrict access to all Users or groups of users. It's more efficient to restrict by a group if only a subset of your Azure Active Directory (Azure AD) users are accessing Customer Engagement apps.

For information, see: Create a basic group and add members using Azure Active Directory.

Create a location based restriction

Access restriction is set using Azure Active Directory (AD) Conditional Access and the Trusted IPs feature of Azure Multi-Factor Authentication.



Setting Conditional Access is only available with an Azure Active Directory Premium license. Upgrade your Azure AD to a Premium license in the Microsoft 365 admin center ( > Billing > Purchase services).

See also

How to set Azure Active Directory device-based conditional access policy for access control to Azure Active Directory connected applications