Forum Discussion
Using Conditional access to create a geo-fence - not applying policy
Good day community.
In our tenant, we are getting login attacks on some of our accounts. We have enabled MFA, but would like to stop these attacks before authentication starts. Our employees mostly work from a single country, so geo-fencing should be a good solution to implement. Some examples of the attacks below:
We implemented conditional access policy for all our accounts in our organisation. We created Named Locations for where it is safe to work from (our country) and created another location for all other countries. Example of this below:
The conditional access policy should block all connections from the rest of the world to authenticate to our tenant:
Unfortunatly, the attacks on our account(s) are still coming through and the logs says conditional access is not being applied. The "view policy impact" report also shows that 100% is not applied.
What are we missing? Thanks!
Conditional access policies act after the initial authentication, you will not be able to prevent such attempts with it. You can use Exchange Online's Authentication policies instead: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online#authentication-policy-procedures-in-exchange-online
1 Reply
Conditional access policies act after the initial authentication, you will not be able to prevent such attempts with it. You can use Exchange Online's Authentication policies instead: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online#authentication-policy-procedures-in-exchange-online