A logic of Grant with Exclude to block the rest in Conditional Access

Thuan Ng
Hi AAD team and experts,
I have created to Conditional Access policies in order to understand how the Access Control's logic works.
  • Scenario 1: Block access to Any location, exclude whitelisted IP addresses - This works as expected.
  • Scenario 2: Grant access to whitelisted IP addresses, exclude non-whitelisted IP ranges - This doesn't work.
I'm unsure if the logic is designed for the scenario 1 only, which means the scenario is not workable.
Any thought?
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies