Forum Discussion

Dan_Snape's avatar
Dan_Snape
Steel Contributor
May 30, 2017

Restricting access based on location

Our customer has a requirement to block access to their data for anyone outside of the country. At the moment they do this by forcing users with company supplied mobile devices to hand them back to the company when travelling overseas. Are there any polices or tools avaialable in Office 365 that will help them acheive that? The closest I can see is the conditional access rules, but this would be difficult to manage.

 

Dan

  • Well, how do you define "outside of the country" in this scenario? If based on IP (geo-tagging), you can certainly use Conditional access by adding work locations/trusted IPs. Of course this information can be incorrect in some cases. But you can also combine Conditional access with MFA enforcements and make sure that the "authentication phone" is one that can only be dialed in the home country (no roaming).

     

    But in general there is no "restrict by country" setting you can use.

  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor

    I'm curious, what is the basis for that type of requirement?

    • Dan_Snape's avatar
      Dan_Snape
      Steel Contributor
      I believe they've interpreted a legal requirement for data sovereignty as meaning no-one outside the country can access the data. Not sure how accurate that interpretation is.
  • Well, how do you define "outside of the country" in this scenario? If based on IP (geo-tagging), you can certainly use Conditional access by adding work locations/trusted IPs. Of course this information can be incorrect in some cases. But you can also combine Conditional access with MFA enforcements and make sure that the "authentication phone" is one that can only be dialed in the home country (no roaming).

     

    But in general there is no "restrict by country" setting you can use.

Resources