Azure AD: conditional access country blocking

Question

Santiago Valencia Palacio 21

Hello everyone,

One question if someone help me

I have conditional access settings enabled in Azure AD, and country blocking.

Is it possible to enable a user to access from a blocked country, without disabling them for all users?

Accepted answer

0 additional answers

Answer 1

Dillon Silzer 57,826 Volunteer Moderator

Yes this is possible. You can add users to the exception list on your policy:

2) Under Users > Exclude > Select excluded users and groups > You can exclude users and groups from policy.

If this is helpful please accept answer.

Santiago Valencia Palacio 21 Reputation points

2022-10-03T21:36:21.417+00:00

Hello, thanks for the answer.

I can make the user exception in the policy, but the idea is to make the exception only for one country.

That is, leave the block for all countries in all users, but if one of the users needs to access from a blocked country, it is not necessary to make the exception for the entire rule, but for a single country.

I can remove the country check, but this would affect all users. that are within the rule.
Dillon Silzer 57,826 Reputation points Volunteer Moderator

2022-10-03T21:49:18.447+00:00

You could create two policies. One that has everyone (except that person) and a policy that has only certain locations on the allow list. I can't think of any other way.