Forum Discussion

bryant125's avatar
bryant125
Copper Contributor
Aug 18, 2020

Is there a way to automatically add IP addresses from a specific country to a blacklist?

Hi All, I'm currently experimenting with CAS to see how much automation can be done with the tool. Is there a way to automatically add IP addresses that are failing to authenticate to the blacklis...
Cloud App Security
Aaron Horna's avatar
Aaron Horna
Copper Contributor
Feb 04, 2021

Did you find a way to do this at all? Would be extremely helpful for us as well. bryant125 

  • Christopher Brumm's avatar
    Christopher Brumm
    Brass Contributor
    Feb 06, 2021

    Hi Aaron Horna,

    my approach for Cloud Apps is to use SSO from AAD whenever possible. Among many other benefits, in Conditional Access you can configure rules that use https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition - which can also be countries.

     

    However, an even better approach would be to use Device State (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-hybrid-azure-ad-joined-device, https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant#require-device-to-be-marked-as-compliant) and Session Risks from AAD Identity Protection instead of IP addresses. It's not that hard for an attacker to obtain an IP address from your country.

     

    Greetings Chris

     

Resources