question

Valdy avatar image
0 Votes"
Valdy asked Givary-MSFT commented

How to block user access after hours (9-5) on Azure AD

Hi there

We used our Azure AD for logging in and need to know if there is a way we can block user access after hours for instance. Or the user logged in, it will have a warning saying the limit access for after hours.

Thanks, Valdy

azure-ad-domain-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ricardosolisvillegas-4678 avatar image
0 Votes"
ricardosolisvillegas-4678 answered

Hello @Valdy

Thank you for your post.

Please read this useful article that will guide to use different features like Just in time and other good features.

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

Looking forward to your feedback,

BR,

Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @Valdy

I hope you are doing fine,

Do you need further assistance on it?

BR,

Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

0 Votes 0 ·
Valdy avatar image Valdy ricardosolisvillegas-4678 ·

Looks like we need the EMS E5 or Azure AD Premium P2.

204533-image.png


0 Votes 0 ·
image.png (15.2 KiB)

Hi @Valdy

Yes, you need it and that license will release others good features.

You can use a P2 license trial as well.

Regards,

Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

0 Votes 0 ·
Givary-MSFT avatar image
0 Votes"
Givary-MSFT answered Givary-MSFT commented

@Valdy

Thank you for reaching out to us. As per my understanding you want to block user access to Azure AD after certain time frame.

This requirement can be achieved only if you have Pass through Authentication configured as a sign in option with Azure AD and with Logon hours setting configured in on-premise AD.

With Password Hash sync this is not possible, as Azure AD doesnt have logon hours setting.

Let me know if you have any questions.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@GirishVaryani : We don't have On-Premise AD unfortunetly.

0 Votes 0 ·

@Valdy

Thank you for your response. If there is no on-premise AD footprint, you can leverage PIM functionality as mentioned by @ricardosolisvillegas-4678 but it needs Azure AD P2 license.

As Azure AD / O365 does not 'understand' Logon Hours , you can leverage Block Sign in option if you want to block the user from accessing Azure AD.

You may post feedback regarding this at the User Voice Portal ( https://feedback.azure.com/d365community ).

https://feedback.azure.com/d365community/idea/ce83c644-bf25-ec11-b6e6-000d3a4f0789

Let me know if you have any questions.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

0 Votes 0 ·