Conditional Access: Only Allow Access from a certain IP-Address

Bühler Gabriel 71 Reputation points

Hello Everyone

I am trying to set up a conditional access policy. The goal is that a specific user is only able to access his account from a few certain, specific IP addresses:

User's image

I looked it up and most people recommend blocking access for everything and then using the IP addresses as an exclusion.

I am now still able to access the account from another address, though. What am I doing wrong? Is it possible that it takes 24 hours for it to take effect?

Thank you for your help.

Kind regards,


Microsoft Exchange Online
Azure Active Directory

2 answers

  1. Andy David - MVP 130.5K Reputation points MVP

    Under Target Resources in your policy you need to select the apps you want this to apply to.

    If all then:

    User's image

    1 person found this answer helpful.

  2. Andy David - MVP 130.5K Reputation points MVP

    No, that should start blocking within a few minutes typically. What do the sign-in logs show as far as the policy being applied for the user that should be blocked? How are you testing exactly?
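
The configuration the two answers describe, scripted with the Microsoft Graph PowerShell SDK as an added example (not posted by anyone in this thread): a block policy for one user that targets all apps, includes all locations and excludes a named IP location, followed by the sign-in log check. The UPN, display names and IP ranges are constructed placeholders.

```powershell
# Added example; PLACEHOLDER values are constructed, not taken from the thread.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All',
                        'Application.Read.All','User.Read.All','AuditLog.Read.All'

$upn    = 'restricted.user@contoso.example'   # PLACEHOLDER: the user to restrict
$userId = (Get-MgUser -UserId $upn).Id

# Named location holding the only addresses the user may sign in from.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Allowed IPs for restricted user'   # PLACEHOLDER name
    isTrusted     = $false
    ipRanges      = @(
        # PLACEHOLDER ranges (documentation address space)
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = '203.0.113.0/24' }
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = '198.51.100.10/32' }
    )
}

# Block everywhere except the named location. Without a Target Resources
# selection (includeApplications) the policy has nothing to apply to.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = 'Block restricted user outside allowed IPs'   # PLACEHOLDER name
    state       = 'enabled'   # 'enabledForReportingButNotEnforced' trials it without blocking
    conditions  = @{
        users          = @{ includeUsers = @($userId) }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Sign-in log check: how this policy evaluated for the user's recent sign-ins.
Get-MgAuditLogSignIn -Filter "userPrincipalName eq '$upn'" -Top 20 | ForEach-Object {
    $signIn = $_
    $signIn.AppliedConditionalAccessPolicies |
        Where-Object Id -eq $policy.Id |
        Select-Object @{ n = 'Time'; e = { $signIn.CreatedDateTime } },
                      @{ n = 'IP';   e = { $signIn.IpAddress } },
                      @{ n = 'App';  e = { $signIn.AppDisplayName } },
                      Result
}
```

A `Result` of `notApplied` on a sign-in from an address outside the named location means one of the policy conditions did not match that sign-in; `failure` means the block was enforced.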