cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

CA policy

Skipster311-1
Iron Contributor

‎Sep 01 2021 01:06 PM

‎Sep 01 2021 01:06 PM

CA policy

I'm trying to create a CA policy that forces mfa for access to azure management portal, and also source connection must be from the US. If i connect from outside the US i get access. I understand why its because i didn't meet all of the requirements. How can i allow access, but only allow from specific ip's ?

I dont want anyone to access the azure management portal from outside the US. I know i can setup a block rule, but then i cant use things like compliant device or force mfa. 

 

611 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by Skipster311-1 (Iron Contributor)
thijoubertold

‎Sep 01 2021 02:30 PM

‎Sep 01 2021 02:30 PM

Solution

Re: CA policy

Hello, you can do this with two CA policies:
- Policy 1 : Grant Access to Azure Management Portal from US IP address with MFA
- Policy 2 : Block Access to Azure Management Portal outside IP address

For the IP addresses you can use either "Countries (IP)" or "Trusted locations"
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Skipster311-1 (Iron Contributor)
thijoubertold

‎Sep 01 2021 02:30 PM

‎Sep 01 2021 02:30 PM

Solution

Re: CA policy

Hello, you can do this with two CA policies:
- Policy 1 : Grant Access to Azure Management Portal from US IP address with MFA
- Policy 2 : Block Access to Azure Management Portal outside IP address

For the IP addresses you can use either "Countries (IP)" or "Trusted locations"

View solution in original post

0 Likes
Reply