Forum Discussion

VasilMichev's avatar
VasilMichev
MVP
May 06, 2017

Conditional access does not only work for MFA, you can use it in other scenarios such as "block login for requests coming from IP range". Go to the AAD blade, Conditional Access, New Policy. Select the Users/Groups to apply the policy agianst, select the apps to apply the rule to (probably All), and select the Location based condition. In the Access control section, select Block. Make sure to Enable the policy before saving.

 

 

Alternatively, AD FS can be used to block extenral access/allow only specific IPs.

Dennis Rylski's avatar
Dennis Rylski
Copper Contributor
May 26, 2017
Thanks for the reply Vasil! Turns out when you get down to the "Conditions\Locations" setting, the Exclude option essentially blocks everything except the "Trusted Locations", which in our case is our local networks/pub IP ranges. There is no option there to "blacklist" particular IP ranges, just exclude everything that isn't a whitelisted "Trusted Location". Thanks again for taking the time to reply...I appreciate it even though there isn't a solution built into AAD yet it seems to blacklist unwanted CIDR blocks. Will keep looking myself and if I find some option that works; will post back here.