Conditional Access: Only Allow Access from a certain IP-Address

Bühler Gabriel 81 Reputation points
2023-09-13T12:41:57.7+00:00

Hello Everyone

I am trying to set up a conditional access policy. The goal should be that a specific user is only able to access his account from a few certain, specific IP-Adresses:

User's image

I looked it up and most people recommend to Block the access for everything and then use the IP-Adresses as an exclusion.

I am now still able to access the account from another address though...what am I doing wrong? Is it possible that it takes 24 hours for it to take effect?

Thank you for your help.

Kind regards,

Gabe

Microsoft Exchange Online
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,430 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Andy David - MVP 147.6K Reputation points MVP
    2023-09-14T12:49:30.7033333+00:00

    Under Target Resources in your policy you need to select the apps you want this to apply to.

    If all then:

    User's image

    1 person found this answer helpful.
    0 comments No comments

  2. Andy David - MVP 147.6K Reputation points MVP
    2023-09-13T12:47:45.2966667+00:00

    No, that should start blocking within a few minutes typically. What do the sign in logs show as far as the policy being applied for the user that should be blocked? How are you testing exactly?


  3. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.