Forum Discussion
Has anyone setup a "geofence" to filter/alert when authenticating from "outside the fence"?
I ask this knowing the availability of the Conditional Access (that only works for MFA accounts) feature. Our organization has compelling issues with training availability, hence taking far longer to ...
Thanks for the reply Vasil! Turns out when you get down to the "Conditions\Locations" setting, the Exclude option essentially blocks everything except the "Trusted Locations", which in our case is our local networks/pub IP ranges. There is no option there to "blacklist" particular IP ranges, just exclude everything that isn't a whitelisted "Trusted Location". Thanks again for taking the time to reply...I appreciate it even though there isn't a solution built into AAD yet it seems to blacklist unwanted CIDR blocks. Will keep looking myself and if I find some option that works; will post back here.
Suspicious IPs are already included, as you can read here: "The Microsoft Intelligent Security Graph maintains a list of IP addresses known to have been in contact with a bot server. Devices that attempt to contact resources from these IP addresses are possibly infected with malware and are therefore flagged."
Please read more here: https://blogs.technet.microsoft.com/enterprisemobility/2017/05/26/breaking-down-ems-conditional-access-part-3/