Restrict User Login to specific Time Frame on Azure AD

Mazi Bakhsh 36 Reputation points
2022-03-03T02:46:58.82+00:00

We are using Azure AD and we do not have any On-Prem AD.
We want our users to be allowed to log in to our services in a specific time frame, like just during working hours (9:00-17:00).

How can we implement this policy on Azure AD?


5 answers

  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2022-03-03T04:02:34.2+00:00

    @Mazi Bakhsh

    Thank you for reaching out to us.

    Unfortunately, it is not possible to restrict user login to a specific time frame on Azure AD.

    Azure AD / O365 does not 'understand' Logon Hours; you can leverage the Block Sign in option if you want to block the user from accessing Azure AD.

    You may post feedback regarding this at the User Voice Portal ( https://feedback.azure.com/d365community ).

    https://feedback.azure.com/d365community/idea/ce83c644-bf25-ec11-b6e6-000d3a4f0789

    Let me know if you have any questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

  2. Vasil Michev 119.7K Reputation points MVP Volunteer Moderator
    2022-03-03T06:42:55.417+00:00

    Until Microsoft releases such controls for CA policies, your best bet is to periodically run a task (script, workbook, flow or whatever you use for automation) that blocks users and revokes any existing tokens. You can use PowerShell or the Graph API for this, but be warned that the user experience will be ugly.
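
The scheduled block-and-revoke task described in this answer, sketched against the Microsoft Graph REST API as an added example that is not part of the original post or of any Microsoft tooling. Assumptions: the `GRAPH_TOKEN` and `SCOPED_USER_IDS` environment variables are hypothetical names, the token belongs to an app permitted to update users and revoke sessions, and `Europe/Paris` is only a sample time zone.

```python
import json
import urllib.request
from datetime import datetime, time, timezone

GRAPH = "https://graph.microsoft.com/v1.0"
WORK_START, WORK_END = time(9, 0), time(17, 0)  # window from the question

def in_working_hours(now_utc, tz, start=WORK_START, end=WORK_END):
    """True if now_utc, seen in tz, falls in [start, end); handles overnight windows."""
    t = now_utc.astimezone(tz).time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end  # e.g. 22:00-06:00 shift

def plan_requests(user_ids, allowed):
    """Return (method, url, body) tuples that move each user to the wanted state."""
    plan = []
    for uid in user_ids:
        plan.append(("PATCH", f"{GRAPH}/users/{uid}", {"accountEnabled": allowed}))
        if not allowed:
            # Blocking sign-in alone leaves issued refresh tokens valid, so revoke them.
            plan.append(("POST", f"{GRAPH}/users/{uid}/revokeSignInSessions", None))
    return plan

def apply(plan, access_token):
    """Send the planned requests to Graph; raises on any HTTP error."""
    for method, url, body in plan:
        data = json.dumps(body).encode() if body is not None else b""
        req = urllib.request.Request(url, data=data, method=method, headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            print(method, url, resp.status)

if __name__ == "__main__":
    import os
    from zoneinfo import ZoneInfo
    # Hypothetical inputs: object IDs of a group dedicated to this policy, and a token.
    ids = os.environ.get("SCOPED_USER_IDS", "").split()
    allowed = in_working_hours(datetime.now(timezone.utc), ZoneInfo("Europe/Paris"))
    plan = plan_requests(ids, allowed)
    token = os.environ.get("GRAPH_TOKEN")
    if token:
        apply(plan, token)
    else:
        print(json.dumps(plan, indent=2))  # dry run when no token is supplied
```

Scope the ID list to a group used only for this policy: the job sets `accountEnabled` to true at the start of the window, so it would also re-enable any account in scope that was disabled for another reason.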


  3. Nicolas INNOCENT 0 Reputation points
    2023-05-10T08:35:13.81+00:00

    Yes, we also have this requirement. We need to be able to block our users from working during off hours, as this is becoming a legal requirement in France.

    The ability to block access to Teams and Outlook especially via policies would be the best way, I think.

    The only way of doing this right now would be to use PS to block/release sign-in via automated tasks, but it doesn't actually work as, for example, once a mobile Outlook is connected, it will not check revocation for a long while.


  4. Ben Koshy 5 Reputation points
    2023-09-17T22:22:59.7266667+00:00

    I need this too.

    People connect to my license server via Azure AD.

    After a certain time period, new users in different time zones come online.

    I need to kick users in another time zone off my license server. It is preferable that I can do this by logging people off, and logging people via Azure AD, according to a specific set of rules.


  5. Carlos Lauff 0 Reputation points
    2025-06-20T16:43:29.75+00:00

    The best way to achieve this is using EntraID Connect Sync with PTA. You can manage the logon hours at user properties.
