cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Conditional access legacy Auth

Dan-sec-1992
Copper Contributor

‎Oct 19 2022 03:27 PM

‎Oct 19 2022 03:27 PM

Conditional access legacy Auth

Hey,

 

Is it possible to allow certain IPs to connect via legacy Auth however, block the rest within conditional access policy?

 

For example block legacy Auth for account1 unless there is a connection by IP address 1?

Labels:
522 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by Dan-sec-1992 (Copper Contributor)
vassilis-MSFT

‎Oct 21 2022 11:36 AM

‎Oct 21 2022 11:36 AM

Solution

Re: Conditional access legacy Auth

Hey @Dan-sec-1992,

 Conditional Access Policies are a type of nested "if-else" sets in order to control flow of a sign-in and either grant or block access under circumstances.

 

So, coming back to your question, if you set in the "Conditions" section of your CAP the "Location" property to "Exclude" a named location that you have already preset with the range of your IPs then you should be fine.

 

Maybe this screenshot will help:

Screenshot 2022-10-21 212530.png

 

I have checked it and it worked as expected, based on the sign-in logs output, success/failed by adding/removing my home IP.

2022-10-21_21-31-44.png

 

HTH!

Vassilis

 

0 Likes
Reply
Dan-sec-1992

‎Oct 22 2022 02:08 AM

‎Oct 22 2022 02:08 AM

Re: Conditional access legacy Auth

Really appreciate it, makes perfect sense. Will implement this next week.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Dan-sec-1992 (Copper Contributor)
vassilis-MSFT

‎Oct 21 2022 11:36 AM

‎Oct 21 2022 11:36 AM

Solution

Re: Conditional access legacy Auth

Hey @Dan-sec-1992,

 Conditional Access Policies are a type of nested "if-else" sets in order to control flow of a sign-in and either grant or block access under circumstances.

 

So, coming back to your question, if you set in the "Conditions" section of your CAP the "Location" property to "Exclude" a named location that you have already preset with the range of your IPs then you should be fine.

 

Maybe this screenshot will help:

Screenshot 2022-10-21 212530.png

 

I have checked it and it worked as expected, based on the sign-in logs output, success/failed by adding/removing my home IP.

2022-10-21_21-31-44.png

 

HTH!

Vassilis

 

View solution in original post

0 Likes
Reply