Hi @Brad Burks
Thank you for posting your query on Q&A.
For your query, I understand your concern about known malicious IPs attempting to hack into your accounts and the Microsoft 365 is already blocking these IPs and you looking to implement other steps to improve security even more.
You're already taking some good security measures by using MFA and applying Conditional Access to block non-USA locations also as an additional step to Conditional Access, configure Geo-IP filtering, either on your firewall or through a cloud service, to automatically block traffic originating from geographical areas that are not pertinent to your business operations.
You can configure to Block a range of IP addresses. To allow the access configure the trusted IP addresses.
The other side I suggest you to continuously monitor security logs and alerts to quickly detect and respond to suspicious activities.
Educate your users about phishing and other social engineering attacks and encourage them not to click on suspicious links or download unverified attachments.
I hope this information helps! please Feel free to ask any questions you may have.
Thanks,
Akhilesh.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.