Conditional Access

Skip Hofmann 186 Reputation points
2021-09-01T20:10:19.15+00:00

I'm trying to create a CA policy that forces MFA for access to the Azure management portal, and the source connection must also be from the US. If I connect from outside the US, I get access. I understand why: it's because I didn't meet all of the requirements. How can I allow access, but only allow from specific IPs?

I don't want anyone to access the Azure management portal from outside the US. I know I can set up a block rule, but then I can't use things like compliant device or force MFA.


Accepted answer
  1. Skip Hofmann 186 Reputation points
    2021-09-01T21:36:30.653+00:00

    I figured this out. Listing the steps to help anyone else with a similar issue.

    Have to create two CA policies. One that blocks all locations except US. Then a second CA policy that allows from location US and forces MFA.

    1 person found this answer helpful.
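
The two-policy setup from the accepted answer, as an added example that is not part of the original posts: the policy bodies follow the Microsoft Graph `conditionalAccessPolicy` schema, and `evaluate` is a simplified model of how matching policies combine, which also shows why a single US-scoped MFA policy lets non-US sign-ins through. The named-location ID, the display names and the function names are assumptions made for illustration.

```python
# Added example. Policy bodies use the Microsoft Graph conditionalAccessPolicy
# schema; evaluate() is a simplified model, not Entra ID's actual engine.
AZURE_MGMT = "797f4846-ba00-4fd7-ba43-dac1f8f63013"  # Azure management app ID
US_LOCATION = "us-named-location-id"  # constructed placeholder for the US named location

def policy(name, include_loc, exclude_loc, controls):
    """Build a policy body scoped to the Azure management app (hypothetical helper)."""
    return {
        "displayName": name,
        # Report-only in the directory while testing; evaluate() models the enforced result.
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": [AZURE_MGMT]},
            "locations": {"includeLocations": include_loc,
                          "excludeLocations": exclude_loc},
        },
        "grantControls": {"operator": "OR", "builtInControls": controls},
    }

# Policy 1: block every location except the US named location.
BLOCK_NON_US = policy("Azure mgmt: block outside US", ["All"], [US_LOCATION], ["block"])
# Policy 2: sign-ins from the US named location must complete MFA.
MFA_FROM_US = policy("Azure mgmt: require MFA from US", [US_LOCATION], [], ["mfa"])

def applies(p, location_id):
    """A policy applies only when the sign-in matches its location condition."""
    loc = p["conditions"]["locations"]
    included = "All" in loc["includeLocations"] or location_id in loc["includeLocations"]
    return included and location_id not in loc["excludeLocations"]

def evaluate(policies, location_id, did_mfa):
    """Return 'block', 'mfa_required' or 'allow' for one sign-in.

    location_id is the named location the source IP resolved to, or None.
    """
    controls = set()
    for p in policies:
        if applies(p, location_id):
            controls.update(p["grantControls"]["builtInControls"])
    if "block" in controls:  # block wins over any grant control
        return "block"
    if "mfa" in controls and not did_mfa:
        return "mfa_required"
    return "allow"  # no policy applied, or every required control was met
```
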

1 additional answer

  1. JamesTran-MSFT 36,496 Reputation points Microsoft Employee
    2021-09-01T21:41:18.183+00:00

    @Skip Hofmann
    Thank you for the quick follow up on this and I'm glad that you were able to resolve your issue!

    Additional Link:
    Using the location condition in a Conditional Access policy

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
