Hello @rr-4098,
Thank you for posting your query on Microsoft Q&A.
Based on your description, it appears you are trying to create a conditional access policy to secure your tenant from risky sign-ins. You are following an article that mentions blocking "Impossible travel" at step 12. Up to this point, the instructions are accurate. At step 12, you should select "Block access" (no other options are necessary) and save the policy. This policy will block access for users flagged with a high sign-in risk level, though you can adjust the risk level based on your organization's policies.
Creating a block policy will completely deny access to users who are classified as high-risk. In such cases, users will need to contact the IT helpdesk to have their access unblocked by dismissing the risk. To protect your organization, Microsoft recommends the following risk policy configurations:
- User risk policy
  - Require a secure password change when user risk level is High. Microsoft Entra multifactor authentication is required before the user can create a new password with password writeback to remediate their risk.
- Sign-in risk policy
  - Require Microsoft Entra multifactor authentication when sign-in risk level is Medium or High, allowing users to prove it's them by using one of their registered authentication methods, remediating the sign-in risk.
You can refer to the following document for step-by-step instructions on setting up user risk policies and sign-in risk policies:
User Risk Policy and Sign-in Risk Policy Setup
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If this answers your query, please click "Accept Answer" and "Yes" for "Was this answer helpful". And if you have any further queries, do let us know.
Thanks,
Raja Pothuraju.
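
Added example, not part of the original answer and not Microsoft's own script: the block policy and the two recommended risk policies described above, expressed as Microsoft Graph conditional access policy bodies. It assumes the Microsoft Graph PowerShell SDK is installed; the policy names, the report-only starting state and the excluded emergency-access account (a placeholder ID) are assumptions made for illustration.

```powershell
# Added example, not part of the original answer. Prints the policy bodies as JSON;
# pass -Apply to create them in the tenant (all start in report-only mode).
param(
    [switch]$Apply,
    # Assumption: object ID of an emergency-access account to exclude (placeholder,
    # replace with a real object ID before using -Apply).
    [string]$ExcludeUserId = '00000000-0000-0000-0000-000000000000'
)

function New-RiskPolicyBody {
    param(
        [string]$Name,
        [ValidateSet('signIn', 'user')][string]$RiskType,
        [string[]]$Levels,
        [string[]]$Controls,
        [ValidateSet('AND', 'OR')][string]$Operator = 'OR'
    )
    $conditions = @{
        users          = @{ includeUsers = @('All'); excludeUsers = @($ExcludeUserId) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    # Graph keeps the two risk types in separate properties:
    # signInRiskLevels and userRiskLevels.
    $conditions["${RiskType}RiskLevels"] = $Levels
    @{
        displayName   = $Name
        state         = 'enabledForReportingButNotEnforced'   # report-only
        conditions    = $conditions
        grantControls = @{ operator = $Operator; builtInControls = $Controls }
    }
}

$policies = @(
    # The block policy from the answer: deny access outright at high sign-in risk.
    New-RiskPolicyBody -Name 'Block high sign-in risk' -RiskType signIn -Levels 'high' -Controls 'block'
    # Recommended sign-in risk policy: MFA lets the user self-remediate.
    # If this and the block policy are both enforced, block wins at high risk.
    New-RiskPolicyBody -Name 'MFA for medium/high sign-in risk' -RiskType signIn -Levels 'medium', 'high' -Controls 'mfa'
    # Recommended user risk policy: passwordChange must be combined with mfa using AND.
    New-RiskPolicyBody -Name 'Password change for high user risk' -RiskType user -Levels 'high' -Controls 'mfa', 'passwordChange' -Operator AND
)

if ($Apply) {
    Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'
    foreach ($p in $policies) { New-MgIdentityConditionalAccessPolicy -BodyParameter $p | Out-Null }
} else {
    $policies | ForEach-Object { $_ | ConvertTo-Json -Depth 5 }
}
```

Run it without `-Apply` first to review the JSON, and change `state` to `enabled` only after the report-only results in the sign-in logs look as expected.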