Forum Discussion
Has anyone set up a "geofence" to filter/alert when authenticating from "outside the fence"?
Conditional access does not only work for MFA, you can use it in other scenarios such as "block login for requests coming from IP range". Go to the AAD blade, Conditional Access, New Policy. Select the Users/Groups to apply the policy against, select the apps to apply the rule to (probably All), and select the Location based condition. In the Access control section, select Block. Make sure to Enable the policy before saving.
Alternatively, AD FS can be used to block external access/allow only specific IPs.
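The same policy the portal steps above produce, built from PowerShell so it can be reviewed and reproduced. This is an added example and is not code from the thread; it assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns module) and a caller with the Policy.ReadWrite.ConditionalAccess scope. The CIDR blocks, display names and the break-glass account object ID are made-up placeholders. It goes one step beyond the portal walkthrough by creating the named location first and then showing both shapes of the policy: a blocklist (block sign-ins from specific CIDR blocks) and an allowlist (block everything that is not a trusted location).

```powershell
# Added example, not from the original thread. Assumes the Microsoft.Graph
# PowerShell SDK; every IP range, name and object ID below is a placeholder.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Emergency access account to exclude so a bad location rule cannot lock out every admin.
$breakGlassObjectId = "00000000-0000-0000-0000-000000000000"   # placeholder

# 1. Named location holding the CIDR blocks to deny (constructed sample ranges).
$blockedLocation = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Blocked CIDR blocks"
    isTrusted     = $false
    ipRanges      = @(
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = "203.0.113.0/24" },
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = "198.51.100.0/24" }
    )
}

# 2a. Blocklist shape: block sign-ins whose source IP falls in that named location.
#     Created in report-only state so sign-in logs show what *would* be blocked
#     before the policy is enforced.
$blockList = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = "Block sign-in from blocked CIDR blocks"
    state       = "enabledForReportingButNotEnforced"   # switch to "enabled" after reviewing the logs
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassObjectId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        locations      = @{ includeLocations = @($blockedLocation.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

# 2b. Allowlist shape: block every location except the ones marked as trusted
#     (the "exclude Trusted Locations" configuration described later in this thread).
$allowList = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = "Block sign-in outside trusted locations"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassObjectId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        locations      = @{ includeLocations = @("All"); excludeLocations = @("AllTrusted") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

# 3. Confirm what was created and in which state.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $blockList.Id |
    Select-Object DisplayName, State
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $allowList.Id |
    Select-Object DisplayName, State
```

Run one of the two policies, not both, depending on whether the goal is to deny a handful of known-bad ranges or to fence access to corporate egress IPs. Keep the break-glass exclusion and the report-only state until the sign-in logs confirm the location match behaves as intended; a location policy with `includeLocations = All` and an incomplete trusted list is the classic way to lock out the tenant's own administrators.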
- Dennis Rylski, May 26, 2017, Copper Contributor
Thanks for the reply Vasil! Turns out when you get down to the "Conditions\Locations" setting, the Exclude option essentially blocks everything except the "Trusted Locations", which in our case is our local networks/pub IP ranges. There is no option there to "blacklist" particular IP ranges, just exclude everything that isn't a whitelisted "Trusted Location". Thanks again for taking the time to reply...I appreciate it even though there isn't a solution built into AAD yet it seems to blacklist unwanted CIDR blocks. Will keep looking myself and if I find some option that works; will post back here.
- spanougakis, May 28, 2017, MCT
Suspicious IPs are already included, as you can read here: "The Microsoft Intelligent Security Graph maintains a list of IP addresses known to have been in contact with a bot server. Devices that attempt to contact resources from these IP addresses are possibly infected with malware and are therefore flagged."
Please read more here: https://blogs.technet.microsoft.com/enterprisemobility/2017/05/26/breaking-down-ems-conditional-access-part-3/
- VasilMichev, May 06, 2017, MVP
Not sure what happened to the photo...