I recently upgraded our Azure AD licenses to get access to more security and reporting in Azure AD.
I want to create a conditional access policy that is very simple. I want to allow access to all of our Office 365 applications and services (e.g. Outlook desktop and mobile client, SharePoint Online, etc.) from only within the United States.
I created a named location of United States with the countries/regions set to United States. I then tried to create an access policy with a test user. For the condition, I have the 1 location condition that I made previously.
I then want to grant access only based on this. We use MFA for almost all Office 365 users, but not 100%, so I don't want to set any of these other requirements.
Without checking one of the grant access additional requirements, the Create box is grayed out / it won't let me create the policy.
Any idea how I can achieve this result?
FYI this is just a starting policy that will eliminate a ton of our login attempts.
For anyone else trying to do this, I created a named location of United States. I created a new policy, selected all cloud apps, set conditions of all platforms, and set client apps to browser and mobile apps and desktop clients.
Under the location condition, under the exclude tab, I used the United States named location.
Then, under Access controls > Grant, I set it to Block access and it let me create the policy. I tested it with a test user and a VPN outside the US and it blocked access as expected.
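The same configuration expressed with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original post. It assumes the Microsoft.Graph.Identity.SignIns module is installed and that the location include list is set to all locations; the display names and the test user object ID are placeholders.

```powershell
# Added example, not from the original post. Assumes the Microsoft Graph
# PowerShell SDK (Microsoft.Graph.Identity.SignIns) and an admin account
# that can consent to the scopes below.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Placeholder (assumption): object ID of the test user the policy applies to.
$testUserId = '00000000-0000-0000-0000-000000000000'

# 1. Country-based named location containing only the United States.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'United States'   # assumed name
    countriesAndRegions               = @('US')
    includeUnknownCountriesAndRegions = $false
}

# 2. Block policy. The location condition includes every location and
#    excludes the US named location, so the block control only fires for
#    sign-ins that resolve to somewhere outside the United States.
$policy = @{
    displayName = 'Block sign-ins from outside the United States'  # assumed name
    # 'enabled' enforces the policy for the single test user.
    # 'enabledForReportingButNotEnforced' would log matches without blocking.
    state       = 'enabled'
    conditions  = @{
        users          = @{ includeUsers = @($testUserId) }
        applications   = @{ includeApplications = @('All') }      # all cloud apps
        platforms      = @{ includePlatforms = @('all') }         # all platforms
        clientAppTypes = @('browser', 'mobileAppsAndDesktopClients')
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

The policy is a block with an exclusion rather than a grant: a grant control requires at least one additional requirement to be selected, which is why the Create button stayed grayed out in the first attempt.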