Can we restrict azure portal (https://portal.azure.com/) access from outside internet.

Param 21 Reputation points
2020-09-30T05:31:02.827+00:00

Can we restrict azure portal (https://portal.azure.com/) access from outside internet. I want to access it from particular VM which I create from same subscription.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,619 questions
Azure DNS
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
393 questions
No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 55,201 Reputation points
    2020-09-30T07:26:08.157+00:00

    Hello @Param · Thank you for reaching out.

    Yes, we can restrict access to Azure Portal by using Condition Access Policy, which is a feature included with Azure AD Premium P1 License.

    Steps:

    • Navigate to Azure Portal > Azure Active Directory > Security > Conditional Access > Named locations > +New Location > Type a name and add IP address that you want to allow Azure Portal access from. To add a specific IP use /32 CIDR value as shown below:
      29287-image.png
    • Navigate to Azure Portal > Azure Active Directory > Security > Conditional Access > Policies > +New Policy > Configure below settings:
    • Users and Groups : Select required users.
    • Cloud apps or actions : Select apps > Microsoft Azure Management.
    • Conditions : Locations > Include > Any location. Exclude > select the location created in first step,.
    • Grant : Block access
    • Enable policy > On > Click on Create button.

    This will block access to Azure Portal from Any location, except your custom location.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


3 additional answers

Sort by: Most helpful
  1. Vasil Michev 61,741 Reputation points Microsoft MVP
    2020-09-30T07:04:08.88+00:00

    By definition, being a public cloud offering, Azure is available from anywhere, any time. If you want to restrict access, you need to enforce this as part of the login process, by leveraging something like Conditional Access, or redirecting the auth process (federation) and imposing restrictions there.

    No comments

  2. Charles Tiu 41 Reputation points
    2021-04-26T01:26:07.133+00:00

    Can provide some link or guide on the "redirecting the auth process (federation) and imposing restrictions there" part?

    No comments

  3. Goyal, Dharmender 1 Reputation point
    2021-08-06T14:48:47.363+00:00

    @AmanpreetSingh-MSFT

    Assuming that I use this feature to block portal access to a group called "Developers", will this feature also block the CLI access? (is it possible to allow CLI access but block the access to portal.azure.com?)

    No comments