Home

Conditional Access to Proxied Enterprise App by IP only

%3CLINGO-SUB%20id%3D%22lingo-sub-698271%22%20slang%3D%22en-US%22%3EConditional%20Access%20to%20Proxied%20Enterprise%20App%20by%20IP%20only%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-698271%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'd%20like%20to%20restrict%20access%20to%20Azure%20enterprise%20app%20by%20IP%20only.%20I%20can%20create%20a%20location%20with%20IPs%2C%20but%20then%20I%20am%20forced%20to%20pick%20something%20in%20%22Grant%22%20or%20%22Session%22%20category%20-%20which%20I%20don't%20want%2C%20I%20just%20want%20to%20restict%20by%20IP.%20How%20do%20I%20go%20about%20that%3F%3C%2FP%3E%3CP%3Ethanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-698271%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EConditional%20Access%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-747408%22%20slang%3D%22en-US%22%3ERe%3A%20Conditional%20Access%20to%20Proxied%20Enterprise%20App%20by%20IP%20only%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-747408%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F361765%22%20target%3D%22_blank%22%3E%40truekonrads_cds%3C%2FA%3E%26nbsp%3BHi%2C%20given%20that%20you%20want%20to%20configure%20so%20that%20only%20corporate%20IPs%20can%20connect%20to%20the%20app%20I%20would%20use%20the%20guidance%20from%20doc%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22sxs-lookup%22%3E%3CSPAN%3EIf%20you%20need%20to%20configure%20a%20location%20condition%20that%20applies%20to%20all%20connections%20made%20from%20outside%20your%20organization's%20network%3A%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSPAN%20class%3D%22sxs-lookup%22%3E%3CSPAN%3EInclude%26nbsp%3B%3CSTRONG%3EAll%20locations%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%20class%3D%22sxs-lookup%22%3E%3CSPAN%3EExclude%26nbsp%3B%3CSTRONG%3EAll%20trusted%20IPs%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%3CSPAN%20class%3D%22sxs-lookup%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Fbest-practices%23what-you-should-know%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconditional-access%2Fbest-practices%23what-you-should-know%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22sxs-lookup%22%3EAnd%20the%20action%20would%20then%20be%20%22Block%22%20to%20that%20specific%20app.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22sxs-lookup%22%3ERegards%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22sxs-lookup%22%3EViktor%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Deleted
Not applicable

Hello,

 

I'd like to restrict access to Azure enterprise app by IP only. I can create a location with IPs, but then I am forced to pick something in "Grant" or "Session" category - which I don't want, I just want to restict by IP. How do I go about that?

thanks

1 Reply

@Deleted Hi, given that you want to configure so that only corporate IPs can connect to the app I would use the guidance from doc:

 

If you need to configure a location condition that applies to all connections made from outside your organization's network:

  • Include All locations
  • Exclude All trusted IPs

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/best-practices#what-you-should-know

 

And the action would then be "Block" to that specific app.

 

Regards,

 

Viktor

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies