conditional access policy not applicable for VPN users

Jeetendra Sharma 0 Reputation points
2024-06-10T09:11:35.71+00:00

For VPN users in the company, the policy of restricting access to users outside the office IP address range is not applicable, as it is blocking users even though we have mentioned the static IP address.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Marilee Turscak-MSFT 35,616 Reputation points Microsoft Employee
    2024-06-10T23:34:52.0466667+00:00

    Hi @Jeetendra Sharma ,

    From your post I'm also a little bit unclear about whether you are trying to allow the users or block the users. If users are being unintentionally blocked and you are permitting the access based on their private IP addresses, this is expected behavior since you cannot use private IP addresses for the named locations.

    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition#ip-address-ranges

    If the users are able to access when you have them blocked by the VPN, I would recommend confirming whether IPv6 is enabled on the VPN itself.

    To get more clarity, I would recommend sharing more details about which VPN you are using and your CA/Exclusion settings.

    If the information helped you, please Accept the answer. This will help us and improve searchability for others in the community who may be researching similar questions.
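
The two checks raised in the answer above (private ranges are not usable in a named location, and a VPN that egresses over IPv6 will not match an IPv4-only list) can be tested offline before editing the policy. This is an added example, not part of the original answer and not Microsoft code; the function names are hypothetical, and the documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 2001:db8::/32 stand in for real public addresses.

```python
import ipaddress

# Private blocks: RFC 1918 (IPv4) and RFC 4193 unique-local (IPv6).
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def check_ranges(cidrs):
    """Split candidate named-location ranges into (usable, rejected)."""
    usable, rejected = [], []
    for cidr in cidrs:
        try:
            net = ipaddress.ip_network(cidr.strip(), strict=False)
        except ValueError:
            rejected.append((cidr, "not a valid IP range"))
            continue
        if any(net.version == p.version and net.overlaps(p) for p in PRIVATE_BLOCKS):
            rejected.append((cidr, "private range, not usable in a named location"))
        else:
            usable.append(net)
    return usable, rejected


def in_named_location(sign_in_ip, usable):
    """True if the public IP recorded on a sign-in falls in a usable range."""
    addr = ipaddress.ip_address(sign_in_ip)
    # An IPv6 address never matches an IPv4 range, and vice versa.
    return any(addr.version == net.version and addr in net for net in usable)


# Constructed sample data: ranges an admin might have entered, and the
# source IPs as they would appear in the sign-in log.
CANDIDATES = ["203.0.113.10/32", "10.8.0.0/24", "192.168.1.0/24"]
SIGN_INS = {
    "VPN user, IPv4 egress": "203.0.113.10",
    "VPN user, IPv6 egress": "2001:db8:1::25",
    "home user, no VPN": "198.51.100.7",
}

if __name__ == "__main__":
    usable, rejected = check_ranges(CANDIDATES)
    for cidr, reason in rejected:
        print(f"reject {cidr}: {reason}")
    for label, ip in SIGN_INS.items():
        state = "inside" if in_named_location(ip, usable) else "OUTSIDE"
        print(f"{label:24} {ip:18} {state} named location")
```

Feed it the ranges from the named location and the IP addresses shown on the blocked sign-ins; an address reported as outside shows which egress address (often the VPN's IPv6 one) is missing from the list.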