Conditional access policy for accessing VM in Azure portal

Peter Höber 1 Reputation point
2021-09-15T15:50:58.207+00:00

Scenario
An invited guest user should be able to connect to a VM via Bastion, but only if the user resides in a certain country/location.

What did we do so far

  • We've created a named location for a specific country
  • That has been added as a condition to the policy
  • We've included a user group to which the guest user has been assigned
  • For "Cloud apps or actions" we really don't know what to set there

It didn't work so far. We were able to connect from several countries which weren't specified.

Any advice? Thanks in advance.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Alan Kinane 16,951 Reputation points MVP Volunteer Moderator
    2021-09-15T16:42:23.08+00:00

    There is an app called 'Microsoft Azure Management' that you can select here but note this will block the user from the Azure portal entirely and not just to Azure Bastion. There is no way to limit conditional access to just the Azure Bastion service at this time.

    https://learn.microsoft.com/en-us/azure/role-based-access-control/conditional-access-azure-management

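An added example, not part of the original thread or of Microsoft's documentation: a Microsoft Graph request body (for `POST /identity/conditionalAccess/policies`) that targets the 'Microsoft Azure Management' app named in the answer and blocks the guest group from every location except one named location. The group and location IDs are constructed placeholders, the block-everywhere-except pattern and the report-only state are assumptions about how the policy would be set up, and `is_blocked` is a simplified local model of policy matching rather than the service's evaluation engine.

```python
import json

# Well-known application ID behind the "Microsoft Azure Management" cloud app
# selection (Windows Azure Service Management API).
AZURE_MANAGEMENT_APP_ID = "797f4846-ba00-4fd7-ba43-dac1f8f63013"


def build_policy(guest_group_id, allowed_location_id,
                 state="enabledForReportingButNotEnforced"):
    """Body for POST /identity/conditionalAccess/policies (Graph v1.0)."""
    return {
        "displayName": "Block Azure management for guests outside allowed country",
        "state": state,  # report-only first; switch to "enabled" after review
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeGroups": [guest_group_id]},
            "applications": {"includeApplications": [AZURE_MANAGEMENT_APP_ID]},
            # Block applies everywhere EXCEPT the allowed named location.
            "locations": {
                "includeLocations": ["All"],
                "excludeLocations": [allowed_location_id],
            },
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def is_blocked(policy, group_ids, app_id, location_id):
    """Simplified model: does this sign-in match the block policy?"""
    cond = policy["conditions"]
    in_scope = (bool(set(group_ids) & set(cond["users"]["includeGroups"]))
                and app_id in cond["applications"]["includeApplications"])
    loc = cond["locations"]
    loc_match = (("All" in loc["includeLocations"]
                  or location_id in loc["includeLocations"])
                 and location_id not in loc.get("excludeLocations", []))
    return (in_scope and loc_match
            and "block" in policy["grantControls"]["builtInControls"])


# Constructed placeholder IDs, not real tenant objects.
GROUP = "00000000-0000-0000-0000-00000000aaaa"
ALLOWED = "00000000-0000-0000-0000-00000000bbbb"
OTHER = "00000000-0000-0000-0000-00000000cccc"

if __name__ == "__main__":
    print(json.dumps(build_policy(GROUP, ALLOWED), indent=2))
```

As the answer notes, a policy scoped this way covers all Azure management access for the group, including the portal, not only Azure Bastion.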
