restrict service principal access outside tenant/network

Hello,

Currently in our Azure setup, a user who has service principal credentials can access resources it has access to from anywhere ( outside the tenant, network etc.). Is there a way to lock this access so the SP credentials only work within a set of source IP ranges ?