Forum Discussion
Skipster311-1
Sep 01, 2021Iron Contributor
CA policy
I'm trying to create a CA policy that forces mfa for access to azure management portal, and also source connection must be from the US. If i connect from outside the US i get access. I understand why its because i didn't meet all of the requirements. How can i allow access, but only allow from specific ip's ?
I dont want anyone to access the azure management portal from outside the US. I know i can setup a block rule, but then i cant use things like compliant device or force mfa.
- Hello, you can do this with two CA policies:
- Policy 1 : Grant Access to Azure Management Portal from US IP address with MFA
- Policy 2 : Block Access to Azure Management Portal outside IP address
For the IP addresses you can use either "Countries (IP)" or "Trusted locations"
- thijoubertoldIron ContributorHello, you can do this with two CA policies:
- Policy 1 : Grant Access to Azure Management Portal from US IP address with MFA
- Policy 2 : Block Access to Azure Management Portal outside IP address
For the IP addresses you can use either "Countries (IP)" or "Trusted locations"