

Quietly, Microsoft has released (a preview version of) country-based controls for Conditional Access. While this is technically a minor addition, the ability to block logins to Office 365 or other cloud applications based on the location of the user has been a common request for years. Office 365, being a public SaaS offering, is by default accessible from anywhere, anytime, and this can be problematic for some organizations. Previously, AD FS claims rules were the only method that allowed restrictions to be configured based on the IP of the user/client. With the advent of Azure AD Conditional Access and Multi-factor authentication, we now have more robust and easier to use alternatives.

Let’s do a quick test of the new feature. Since this feature is part of Conditional Access policies, to configure it you need to browse to the corresponding blade in the Azure AD portal. Then, select the Named locations tab or click directly on this link. You will be presented with the same old interface used to define trusted IPs/ranges for both Conditional Access and Azure MFA. However, when you press the New location button, you are now given the option to define the location via Countries/Region, as shown in the screenshot below. To create a new country-based location, all you need to do is give it a Name and then select one or more of the countries from the dropdown control. In the example above, I have already created a location that includes my country, Bulgaria, and another one that includes the Netherlands, which happens to be the country in which my Azure VMs are hosted. In effect, I’m preparing a list of “known” or “good” locations which I can then whitelist in any CA policies.
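The same setup expressed as Microsoft Graph conditional access request bodies, followed by an audit of which sign-ins such a policy would block. This is an added example, not code from the original post; it assumes the current Graph API rather than the preview portal described here, and the display names, placeholder ids, report-only state, break-glass exclusion and sign-in records are all constructed for illustration.

```python
KNOWN = {"Bulgaria": ["BG"], "Netherlands (Azure VMs)": ["NL"]}  # countries named in the post

def named_location(name, countries):
    """Request body for POST /identity/conditionalAccess/namedLocations."""
    codes = sorted({c.strip().upper() for c in countries})
    if not codes or any(len(c) != 2 or not c.isalpha() for c in codes):
        raise ValueError(f"expected ISO 3166-1 alpha-2 codes, got {countries!r}")
    return {
        "@odata.type": "#microsoft.graph.countryNamedLocation",
        "displayName": name,
        "countriesAndRegions": codes,
        "includeUnknownCountriesAndRegions": False,  # unresolvable IPs are not "known"
    }

def block_policy(location_ids, break_glass_ids):
    """Request body for POST /identity/conditionalAccess/policies."""
    if not location_ids or not break_glass_ids:
        raise ValueError("need at least one known location and one exempt admin account")
    return {
        "displayName": "Block sign-ins outside known countries",  # assumed name
        "state": "enabledForReportingButNotEnforced",  # report-only until the audit is clean
        "conditions": {
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": ["All"]},
            "users": {"includeUsers": ["All"], "excludeUsers": list(break_glass_ids)},
            "locations": {"includeLocations": ["All"], "excludeLocations": list(location_ids)},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def would_block(sign_ins, allowed):
    """Return (user, country) per sign-in the policy would block; no country counts as unknown."""
    hits = []
    for s in sign_ins:
        country = ((s.get("location") or {}).get("countryOrRegion") or "").upper()
        if country not in allowed:
            hits.append((s["userPrincipalName"], country or "unknown"))
    return hits

# Constructed sign-in records shaped like Graph signIn objects (not real data).
SAMPLE_SIGN_INS = [
    {"userPrincipalName": "alice@contoso.example", "location": {"countryOrRegion": "BG"}},
    {"userPrincipalName": "svc-vm@contoso.example", "location": {"countryOrRegion": "NL"}},
    {"userPrincipalName": "bob@contoso.example", "location": {"countryOrRegion": "BR"}},
    {"userPrincipalName": "carol@contoso.example", "location": None},
]

if __name__ == "__main__":
    allowed = {c for codes in KNOWN.values() for c in codes}
    print(would_block(SAMPLE_SIGN_INS, allowed))
```

Running the audit against exported sign-in logs before switching the policy state to enabled shows which accounts would be locked out by the country list.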
