I'm trying to create a CA policy that forces MFA for access to the Azure management portal, and also the source connection must be from the US. If I connect from outside the US I get access. I understand why: it's because I didn't meet all of the requirements. How can I allow access, but only allow from specific IPs?
I don't want anyone to access the Azure management portal from outside the US. I know I can set up a block rule, but then I can't use things like compliant device or force MFA.
I figured this out. Listing the steps to help anyone else with a similar issue.
Have to create two CA policies. One that blocks all locations except US. Then a second CA policy that allows from location US and forces MFA.
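Why the single policy lets non-US sign-ins through while the two-policy setup does not, shown as an added example that is not part of the original thread: a simplified Python model of Conditional Access evaluation. The policy dictionaries, the `azure-management` app label and the `US` location label are constructed stand-ins, not real Graph objects or IDs.

```python
# Simplified model of Conditional Access evaluation (constructed example).
# Field names loosely follow the Graph conditionalAccessPolicy shape.
AZURE_MGMT = "azure-management"  # constructed label for the Azure management app

def applies(policy, signin):
    """A policy applies only when every one of its conditions matches."""
    cond = policy["conditions"]
    if signin["app"] not in cond["includeApplications"]:
        return False
    inc = cond["includeLocations"]
    exc = cond.get("excludeLocations", [])
    in_scope = "All" in inc or signin["country"] in inc
    return in_scope and signin["country"] not in exc

def evaluate(policies, signin):
    """Return 'block', 'mfa_required' or 'grant' for one sign-in."""
    matched = [p for p in policies if applies(p, signin)]
    controls = {c for p in matched for c in p["grantControls"]}
    if "block" in controls:        # any matching block policy wins
        return "block"
    if "mfa" in controls and not signin["mfa_done"]:
        return "mfa_required"
    return "grant"                 # no policy applied, or all controls met

# The single policy from the question: scoped to US, requires MFA.
SINGLE = [{
    "displayName": "Require MFA from US",
    "conditions": {"includeApplications": [AZURE_MGMT],
                   "includeLocations": ["US"]},
    "grantControls": ["mfa"],
}]

# The two policies from the answer: block everywhere except US, MFA inside US.
TWO = [{
    "displayName": "Block all locations except US",
    "conditions": {"includeApplications": [AZURE_MGMT],
                   "includeLocations": ["All"],
                   "excludeLocations": ["US"]},
    "grantControls": ["block"],
}, SINGLE[0]]

def signin(country, mfa_done=False):
    """Build a constructed sign-in to the Azure management app."""
    return {"app": AZURE_MGMT, "country": country, "mfa_done": mfa_done}

if __name__ == "__main__":
    for name, pols in (("single", SINGLE), ("two", TWO)):
        for s in (signin("DE"), signin("US"), signin("US", True)):
            print(name, s["country"], s["mfa_done"], "->", evaluate(pols, s))
```

With the single policy, a sign-in from outside the US matches no policy at all and is granted without MFA; with both policies it is blocked regardless of MFA.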
@Skip Hofmann
Thank you for the quick follow-up on this and I'm glad that you were able to resolve your issue!
Additional Link:
Using the location condition in a Conditional Access policy
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.