Aug 17 2020 05:36 PM
Hi All,
I'm currently experimenting with CAS to see how much automation can be done with the tool. Is there a way to automatically add IP addresses that are failing to authenticate to the blacklist? (Perhaps utilizing CAS with Power Automate.) I am trying to avoid using third-party tools, and I don't want to have to manually review each alert that is coming from a few countries that have constantly tried to log into user accounts.
Thanks in advance!
Feb 04 2021 07:46 AM
Did you find a way to do this at all? Would be extremely helpful for us as well. @bryant125
Feb 06 2021 03:43 AM
Hi @Aaron Horna,
My approach for Cloud Apps is to use SSO from AAD whenever possible. Among many other benefits, in Conditional Access you can configure rules that use named locations - which can also be countries.
However, an even better approach would be to use Device State (Managed, Compliant) and Session Risks from AAD Identity Protection instead of IP addresses. It's not that hard for an attacker to obtain an IP address from your country.
Greetings Chris
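
The two approaches from the reply above, a country-based named location and a device-state requirement, sketched as an added example with the Microsoft Graph PowerShell SDK; it is not part of the original thread. The country codes `XX` and `YY` are placeholders, the display names are constructed, and both policies are created in report-only mode so their effect can be reviewed in the sign-in logs before enforcement.

```powershell
# Added example. Assumes the Microsoft.Graph PowerShell module is installed
# and the signed-in admin can consent to the scopes below.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess',
                        'Policy.Read.All', 'Application.Read.All'

# Named location built from countries instead of individual IP addresses.
# 'XX' and 'YY' are placeholders for ISO 3166-1 alpha-2 country codes.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Blocked countries (example)'
    countriesAndRegions               = @('XX', 'YY')
    includeUnknownCountriesAndRegions = $false
}

# Policy 1: block sign-ins that originate from the named location.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Block sign-in from blocked countries (example)'
    state         = 'enabledForReportingButNotEnforced'   # report-only
    conditions    = @{
        users          = @{ includeUsers = @('All') }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
        locations      = @{ includeLocations = @($location.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}

# Policy 2: independent of source IP, grant access only from a device that
# is marked compliant or is hybrid joined (the "device state" approach).
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Require managed or compliant device (example)'
    state         = 'enabledForReportingButNotEnforced'   # report-only
    conditions    = @{
        users          = @{ includeUsers = @('All') }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice', 'domainJoinedDevice')
    }
}
```

Before changing `state` to `enabled`, exclude an emergency-access account from both policies so a misconfiguration cannot lock out every administrator.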