Skipster311-1
Iron Contributor
Sep 01, 2021

CA policy

I'm trying to create a CA policy that forces MFA for access to the Azure management portal, and also the source connection must be from the US. If I connect from outside the US, I get access. I understand why: it's because I didn't meet all of the requirements. How can I allow access, but only allow from specific IPs?

I don't want anyone to access the Azure management portal from outside the US. I know I can set up a block rule, but then I can't use things like compliant device or force MFA.

 

  • Hello, you can do this with two CA policies:
    - Policy 1 : Grant Access to Azure Management Portal from US IP address with MFA
    - Policy 2 : Block Access to Azure Management Portal outside IP address

    For the IP addresses you can use either "Countries (IP)" or "Trusted locations"
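
The two policies from the answer above, written with the Microsoft Graph PowerShell module as an added example that is not part of the original thread. The display names, the report-only state and the excluded emergency-access account (a placeholder ID) are assumptions made for this example.

```powershell
# Added example: requires the Microsoft.Graph module and a role that can manage Conditional Access.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# App ID of "Windows Azure Service Management API", the Conditional Access
# target that covers the Azure portal, Azure PowerShell and Azure CLI.
$azureMgmtAppId = '797f4846-ba00-4fd7-ba43-dac1f8f63013'

# Placeholder (assumption): object ID of an emergency-access account kept out of both policies.
$breakGlassId = '<break-glass-account-object-id>'

# "Countries (IP)" named location that contains only the US.
$us = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'US only'
    countriesAndRegions               = @('US')
    includeUnknownCountriesAndRegions = $false
}

# Policy 1: sign-ins from the US location are granted access only with MFA.
$requireMfa = @{
    displayName   = 'Azure management - require MFA from US'
    state         = 'enabledForReportingButNotEnforced'   # report-only until reviewed
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @($azureMgmtAppId) }
        locations      = @{ includeLocations = @($us.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('mfa') }
}

# Policy 2: every location except the US location is blocked.
# A block result overrides any grant from another policy that also applies.
$blockNonUs = @{
    displayName   = 'Azure management - block outside US'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @($azureMgmtAppId) }
        locations      = @{ includeLocations = @('All'); excludeLocations = @($us.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $requireMfa
New-MgIdentityConditionalAccessPolicy -BodyParameter $blockNonUs
```

Both policies start in report-only mode so the sign-in logs show what would have been blocked; switching `state` to `enabled` enforces them.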