Microsoft Exchange Online
A Microsoft email and calendaring hosted service.
858 questions
Under Target Resources in your policy you need to select the apps you want this to apply to.
If all then:
Conditional Access: Only Allow Access from a certain IP-Address
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 32%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBH%3C/text%3E%3C/svg%3E)
Bühler Gabriel
71
Reputation points
Hello Everyone
I am trying to set up a conditional access policy. The goal should be that a specific user is only able to access his account from a few certain, specific IP-Adresses:
I looked it up and most people recommend to Block the access for everything and then use the IP-Adresses as an exclusion.
I am now still able to access the account from another address though...what am I doing wrong? Is it possible that it takes 24 hours for it to take effect?
Thank you for your help.
Kind regards,
Gabe
2 answers
Sort by: Most helpful
-
-
Andy David - MVP 130.5K Reputation points MVP2023-09-13T12:47:45.2966667+00:00 No, that should start blocking within a few minutes typically. What do the sign in logs show as far as the policy being applied for the user that should be blocked? How are you testing exactly?
-
Bühler Gabriel 71 Reputation points
2023-09-13T13:05:20.5766667+00:00 Hi Andy, Im just signing into the account outside of that IP-Adress, with a deleted cache and cookies....the sign in logs just say "success". We have another policy where the account is on the "exclude"-list, in regards to MFA. Could it be that it just ignores it because of that?
-
Andy David - MVP 130.5K Reputation points MVP
2023-09-13T14:39:43.01+00:00 If you open up the log entry where it says success what does it say in relation to the policy that should be blocking? Look in the "Show Details" section of the success under the three ellipses.
It should show what was matched and what was not for that logon
-
Bühler Gabriel 71 Reputation points
2023-09-14T09:23:35.61+00:00 Hello David
It unfortunately just says "not matched"...do I have to select "All Apps"?
Thank you for your help.
Kind regards,
Gabriel
-
Bühler Gabriel 71 Reputation points
2023-09-14T09:24:18.2066667+00:00 .....
Sign in to comment -