My organization has been stormed with spear phishing attempts over the past month. One of them hit my CEO and was successful. Imediately after the successful PHISH there were several things that happend to his Office365 Mailbox through the web portal (rules etc..) . This is not the first time this has happened and each time through remediation it was determined the access was coming from Eastern Europe. I was wondering if there was a way to prevent logins from specific regions that you dont do business in and would never have users travel to that needed access to thier accounts. I have a few Barracuda products protecting some web apps we host and this is a firewall feature..
I would suggest that you look into Conditional Access as a feature Azure Active Directory Premium (licensing required). One of the features it has is setting up a trigger based on the actor account geographic location. If the account is not signing on to a trusted network, the trigger can be set to block access as part of a block control. You will need to supply a list of CIDR IP ranges that are trusted. I hope this helps. - Josh