Conditional Access Country Login Block

Jon Mercer 996 Reputation points
2024-01-17T16:48:17.21+00:00

This could all just be because I don't understand some parts of this policy. I went through https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-location and set up a conditional access policy for blocking emails from certain countries like India and China, since they are either for real or through proxy/VPN pounding one of our mailboxes trying to log in. I enabled it, but the sign-in logs still show that there are login attempts from those locations as well as others that were tagged to be blocked. The policy has been running for about a week now, so it should have made it through the system. The basic info for one of them shows this, which is what has always been shown.

Location shows this. The location name is the name of my conditional access policy.

It looks like they are not even getting blocked, since the rejection was due to incorrect password, not the policy.


1 answer

  1. Dillon Silzer 57,426 Reputation points
    2024-01-17T19:36:02.4666667+00:00

    Hi Jon,

    Even though you have set the policy, it still requires the people to try and authenticate to the accounts. (This is also how Multi-Factor and Modern Authentication work.) The Conditional Access Policy only kicks in after the first layer of authentication is completed.

    Unfortunately, your logs will still continue to fill up and this is completely normal (indicating that the people have tried to authenticate against the account and failed due to being blocked).

    Learn about Conditional Access and Intune

    https://learn.microsoft.com/en-us/mem/intune/protect/conditional-access

    If this is helpful please accept answer.
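
To check this against your own sign-in logs, the following added example (not part of the original posts and not Microsoft's code) sorts exported sign-in records into attempts that failed at the password step, attempts the location policy blocked, and sign-ins that succeeded from a country the policy is supposed to block. It assumes records shaped like Microsoft Graph `signIn` objects, error codes 50126 (invalid username or password) and 53003 (blocked by Conditional Access), and a constructed country list and sample data.

```python
from collections import Counter

# Assumption: ISO country codes covered by the named location in the policy.
BLOCKED_COUNTRIES = {"IN", "CN"}
ERR_BAD_PASSWORD = 50126   # AADSTS50126: invalid username or password
ERR_CA_BLOCK = 53003       # AADSTS53003: blocked by Conditional Access

# Constructed sample records using Microsoft Graph signIn field names.
SAMPLE_SIGNINS = [
    {"ipAddress": "203.0.113.10", "location": {"countryOrRegion": "IN"},
     "status": {"errorCode": 50126}, "conditionalAccessStatus": "notApplied"},
    {"ipAddress": "203.0.113.44", "location": {"countryOrRegion": "CN"},
     "status": {"errorCode": 50126}, "conditionalAccessStatus": "notApplied"},
    {"ipAddress": "203.0.113.45", "location": {"countryOrRegion": "CN"},
     "status": {"errorCode": 53003}, "conditionalAccessStatus": "failure"},
    {"ipAddress": "203.0.113.77", "location": {"countryOrRegion": "IN"},
     "status": {"errorCode": 0}, "conditionalAccessStatus": "notApplied"},
    {"ipAddress": "198.51.100.5", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 0}, "conditionalAccessStatus": "success"},
]

def classify(record):
    """Label one sign-in record relative to the country-block policy."""
    country = (record.get("location") or {}).get("countryOrRegion", "")
    code = (record.get("status") or {}).get("errorCode", 0)
    if country not in BLOCKED_COUNTRIES:
        return "outside_policy_scope"
    if code == ERR_CA_BLOCK:
        return "blocked_by_policy"       # correct password, then the block
    if code == ERR_BAD_PASSWORD:
        return "failed_before_policy"    # wrong password, policy never ran
    if code == 0:
        # Sign-in succeeded from a blocked country: check policy scope,
        # exclusions and report-only mode.
        return "succeeded_from_blocked_country"
    return "other_failure"

def summarize(records):
    """Count records per label."""
    return Counter(classify(r) for r in records)

if __name__ == "__main__":
    for label, count in summarize(SAMPLE_SIGNINS).most_common():
        print(f"{label}: {count}")
```

The `succeeded_from_blocked_country` bucket is the one worth alerting on; the password-failure bucket is the log noise described in the answer above.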

