I am trying to set up a conditional access policy. The goal should be that a specific user is only able to access his account from a few certain, specific IP-Adresses:
I looked it up and most people recommend to Block the access for everything and then use the IP-Adresses as an exclusion.
I am now still able to access the account from another address though...what am I doing wrong? Is it possible that it takes 24 hours for it to take effect?
Thank you for your help.