![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 99%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDW%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,065 questions
Hi @david wrafter • Thank you for reaching out.
From your question I understood that you want to allow sign-ins only from the location that you have added to the Conditional Access policy and restrict access from all other locations.
In order to achieve this, you need to create a conditional access policy with the below conditions:
- In the conditional access policy, navigate to Conditions > Locations > Include "Any location" and Exclude "Your Named Location", as shown below:
- Then go to Access Control section > Grant > Block access.
With this configuration, all the locations will be in the scope of the policy and will be blocked but the locations under the exclusion list will not be blocked and the sign-ins will be allowed from those locations.
Currently, if you have included a specific location in the CA Policy and signing-in from another location, the conditional access policy will not be applied as the location condition is not meeting.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.