Can we restrict Azure portal (https://portal.azure.com/) access from the outside internet?

Parmeshwar Jadhao 21 Reputation points
2020-09-30T05:31:02.827+00:00

Can we restrict Azure portal (https://portal.azure.com/) access from the outside internet? I want to access it from a particular VM which I create from the same subscription.

Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. AmanpreetSingh-MSFT 56,456 Reputation points
    2020-09-30T07:26:08.157+00:00

    Hello @Parmeshwar Jadhao, thank you for reaching out.

    Yes, we can restrict access to Azure Portal by using a Conditional Access Policy, which is a feature included with the Azure AD Premium P1 License.

    Steps:

    • Navigate to Azure Portal > Azure Active Directory > Security > Conditional Access > Named locations > +New Location > Type a name and add the IP address that you want to allow Azure Portal access from. To add a specific IP, use a /32 CIDR value as shown below:
      [image: 29287-image.png]
    • Navigate to Azure Portal > Azure Active Directory > Security > Conditional Access > Policies > +New Policy > Configure the settings below:
      • Users and Groups: Select required users.
      • Cloud apps or actions: Select apps > Microsoft Azure Management.
      • Conditions: Locations > Include > Any location. Exclude > select the location created in the first step.
      • Grant: Block access
      • Enable policy > On > Click on Create button.

    This will block access to Azure Portal from Any location, except your custom location.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
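
The policy from the steps above, written as Microsoft Graph request bodies plus a small local check of the location condition. This is an added example, not part of the original answer: the IP address, object IDs and display names are constructed placeholders, and `is_blocked` is a simplified model of the location condition only, not the service's own evaluation.

```python
import ipaddress
import json

# Well-known application ID of "Microsoft Azure Management" in Conditional Access.
AZURE_MANAGEMENT_APP_ID = "797f4846-ba00-4fd7-ba43-dac1f8f63013"

def named_location(display_name, cidrs):
    """Body for POST /identity/conditionalAccess/namedLocations (IPv4 only)."""
    for cidr in cidrs:
        ipaddress.IPv4Network(cidr)  # ValueError on malformed CIDR or host bits set
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": display_name, "isTrusted": False,
            "ipRanges": [{"@odata.type": "#microsoft.graph.iPv4CidrRange",
                          "cidrAddress": c} for c in cidrs]}

def block_policy(display_name, group_ids, allowed_location_id):
    """Body for POST /identity/conditionalAccess/policies."""
    return {
        "displayName": display_name,
        "state": "enabled",
        "conditions": {
            "users": {"includeGroups": group_ids},
            "applications": {"includeApplications": [AZURE_MANAGEMENT_APP_ID]},
            # Include "Any location", exclude the named location from step one.
            "locations": {"includeLocations": ["All"],
                          "excludeLocations": [allowed_location_id]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def is_blocked(policy, locations_by_id, source_ip):
    """Simplified local model of the location condition only."""
    addr = ipaddress.ip_address(source_ip)
    for loc_id in policy["conditions"]["locations"]["excludeLocations"]:
        for r in locations_by_id[loc_id]["ipRanges"]:
            if addr in ipaddress.ip_network(r["cidrAddress"]):
                return False  # inside the excluded location: policy does not apply
    return True  # every other source matches "Any location" and gets Block access

# Constructed sample values: documentation IP range and placeholder object IDs.
# In real use LOCATION_ID is the id returned when the named location is created.
LOCATION_ID = "00000000-0000-0000-0000-000000000001"
LOCATION = named_location("Admin VM public IP", ["203.0.113.10/32"])
POLICY = block_policy("Block Azure management outside admin VM",
                      ["00000000-0000-0000-0000-0000000000aa"], LOCATION_ID)

if __name__ == "__main__":
    print(json.dumps({"namedLocation": LOCATION, "policy": POLICY}, indent=2))
    for ip in ("203.0.113.10", "203.0.113.11", "198.51.100.7"):
        print(ip, "blocked" if is_blocked(POLICY, {LOCATION_ID: LOCATION}, ip) else "not blocked")
```

Setting `state` to `enabledForReportingButNotEnforced` first lets you review the effect in the sign-in logs before the block is enforced.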

3 additional answers

  1. Vasil Michev 98,281 Reputation points MVP
    2020-09-30T07:04:08.88+00:00

    By definition, being a public cloud offering, Azure is available from anywhere, any time. If you want to restrict access, you need to enforce this as part of the login process, by leveraging something like Conditional Access, or redirecting the auth process (federation) and imposing restrictions there.

    3 people found this answer helpful.

  2. Charles Tiu 41 Reputation points
    2021-04-26T01:26:07.133+00:00

    Can you provide some link or guide on the "redirecting the auth process (federation) and imposing restrictions there" part?


  3. Goyal, Dharmender 1 Reputation point
    2021-08-06T14:48:47.363+00:00

    @AmanpreetSingh-MSFT

    Assuming that I use this feature to block portal access to a group called "Developers", will this feature also block the CLI access? (Is it possible to allow CLI access but block the access to portal.azure.com?)
