Need ideas on how to allow a single user access to AzureAD/O365 from an IP address or location

Farmer_Magnus 1 Reputation point
2022-03-16T19:20:57.177+00:00

Hello,

Our business printers require basic authentication to send copies, etc. Because this requires basic authentication, I'm wondering if it's possible to set up a policy that allows this user to connect from a location or IP and nowhere else?

Thanks!

Microsoft Entra ID

2 answers

  1. Carlos Solís Salazar 17,791 Reputation points MVP
    2022-03-16T20:07:19.34+00:00

    Hi @MortimerIT-0021

    Thank you for asking this question on the **Microsoft Q&A Platform.**

    You can create an Azure Conditional Access policy by location for that user: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

    Hope this helps,
    **Carlos Solís Salazar**

    ----------

    Please "Accept as Answer" and/or Upvote if any of the above helped, so that it can help others in the community looking for remediation for similar issues.

    1 person found this answer helpful.

  2. JamesTran-MSFT 36,541 Reputation points Microsoft Employee
    2022-03-18T04:35:07.49+00:00

    @MortimerIT-0021
    Thank you for your post!

    When it comes to a policy within Azure that allows users to connect from a location or IP and perform basic authentication to use a printer, you should be able to set up a location-based Conditional Access policy, as mentioned by @Carlos Solís Salazar, to accomplish this. After testing this out within my tenant, I found that you can select the option to Require one of the selected controls; in my case I required a Terms of Use to be accepted so that users didn't have to perform MFA.

    To answer the question within your comment, you can apply the CA policy to a specific user(s) or group via the Users and groups assignment section. Users and groups assign who the policy will include or exclude, and this assignment can include all users, specific groups of users, directory roles, or external guest users. For more info - Conditional Access policy components.

    If requiring a Terms of Use to be accepted isn't what you're looking for, and if your printer is on-prem with users on-prem trying to access the printer, you can try using Group Policy settings to control printers in Active Directory. Within the Group Policy you can try leveraging the Computer Configuration - Computer Location setting which specifies the default location criteria that is used when searching for printers. This setting is a component of the Location Tracking feature of Windows printers. For more info.

    If you have any other questions or if these features aren't what you're looking for, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
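
The location-based Conditional Access policy both answers point to, as an added example that is not part of either answer: Microsoft Graph PowerShell that defines a named IP location and blocks one account everywhere outside it (a block grant control, not the Terms of Use control tested in the second answer). The UPN, CIDR range and display names are placeholder assumptions, and the policy is created in report-only mode so its effect can be checked in the sign-in logs before it is enforced.

```powershell
# Added example. Placeholder values below are assumptions, not taken from the thread.
$printerUpn = "printer-scan@contoso.example"   # placeholder: the printer's sign-in account
$officeCidr = "203.0.113.0/24"                 # placeholder: office public egress range

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All","Application.Read.All","User.Read.All"

# 1. Named location holding the public IP range the printers send from.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Office printers egress"
    isTrusted     = $true
    ipRanges      = @(
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = $officeCidr }
    )
}

# 2. Resolve the single account the policy targets (no other users are affected).
$userId = (Get-MgUser -UserId $printerUpn).Id

# 3. Block that account from all locations except the named one.
#    clientAppTypes "all" covers legacy (basic) authentication clients as well.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = "Printer account: block outside office range"
    state         = "enabledForReportingButNotEnforced"   # report-only first
    conditions    = @{
        users          = @{ includeUsers = @($userId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        locations      = @{
            includeLocations = @("All")
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

# 4. Once the sign-in logs show the expected report-only results, enforce the policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id `
#     -BodyParameter @{ state = "enabled" }
```

The named location must contain the public address the tenant actually sees for the printers (the NAT or proxy egress), not their internal addresses.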