Conditional Access

Skip Hofmann 186 Reputation points

I'm trying to create a CA policy that forces MFA for access to the Azure management portal, and also the source connection must be from the US. If I connect from outside the US I get access. I understand why: it's because I didn't meet all of the requirements. How can I allow access, but only allow from specific IPs?

I don't want anyone to access the Azure management portal from outside the US. I know I can set up a block rule, but then I can't use things like compliant device or force MFA.

Microsoft Entra ID

Accepted answer
  1. Skip Hofmann 186 Reputation points

    I figured this out. Listing the steps to help anyone else with a similar issue.

    Have to create two CA policies. One that blocks all locations except US. Then a second CA policy that allows from location US and forces MFA.

    1 person found this answer helpful.
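
The two policies from the accepted answer, written with the Microsoft Graph PowerShell SDK as an added example (not code from the thread or from Microsoft). The display names, the helper function `New-ExampleConditions`, the report-only state, and the choice of the Windows Azure Service Management API app as the target are assumptions.

```powershell
# Added example; display names and the report-only state are assumptions.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Country-based named location that both policies reference.
$us = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'United States (example)'
    countriesAndRegions               = @('US')
    includeUnknownCountriesAndRegions = $false
}

# App ID of "Windows Azure Service Management API", the Conditional Access
# target that covers the Azure portal and Azure Resource Manager.
$azureMgmt = '797f4846-ba00-4fd7-ba43-dac1f8f63013'

# Hypothetical helper: conditions shared by both policies; only the location filter differs.
function New-ExampleConditions([hashtable]$Locations) {
    @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All') }
        applications   = @{ includeApplications = @($azureMgmt) }
        locations      = $Locations
    }
}

# Policy 1: block sign-ins from every location except the US.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Azure management - block outside US (example)'
    state         = 'enabledForReportingButNotEnforced'   # report-only; set 'enabled' after review
    conditions    = New-ExampleConditions @{ includeLocations = @('All'); excludeLocations = @($us.Id) }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Policy 2: sign-ins from the US are allowed, but only with MFA.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Azure management - require MFA from US (example)'
    state         = 'enabledForReportingButNotEnforced'   # report-only; set 'enabled' after review
    conditions    = New-ExampleConditions @{ includeLocations = @($us.Id) }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}
```

Both policies are created in report-only mode so their effect can be checked in the sign-in logs before the block is enforced for all users.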

1 additional answer

  1. JamesTran-MSFT 36,496 Reputation points Microsoft Employee

    @Skip Hofmann
    Thank you for the quick follow-up on this, and I'm glad that you were able to resolve your issue!

    Additional Link:
    Using the location condition in a Conditional Access policy

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
