Forum Discussion
Azure AD conditional Access.
- Oct 22, 2017
If you're doing IP-based restrictions, then this becomes a change management issue. Before new IP ranges are added, or existing IP ranges are removed, you should include in your planning the steps to update your conditional access rules.
If IP-based restrictions are becoming unmanageable for you, consider moving to managed vs unmanaged device policies in conditional access instead. That way you aren't trusting networks (all networks should be untrusted these days), and you're focusing on securing identities and endpoints (devices) instead.
Here is a blog post on the topic if you're interested: https://practical365.com/security/azure-active-directory-conditional-access-enforce-multi-factor-authentication/