Oct 19 2022 03:27 PM
Hey,
Is it possible to allow certain IPs to connect via legacy Auth but block the rest within a conditional access policy?
For example, block legacy Auth for account1 unless there is a connection from IP address 1?
Oct 21 2022 11:36 AM
Solution
Hey @Dan-sec-1992,
Conditional Access Policies are a type of nested "if-else" set used to control the flow of a sign-in and either grant or block access under certain circumstances.
So, coming back to your question: if, in the "Conditions" section of your CAP, you set the "Location" property to "Exclude" a named location that you have already preset with the range of your IPs, then you should be fine.
Maybe this screenshot will help:
I have checked it and it worked as expected, based on the sign-in logs output, success/failed by adding/removing my home IP.
HTH!
Vassilis
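The configuration described in the answer above, written out as an added example that is not part of the original post. It assumes the Microsoft Graph PowerShell SDK; the display names, the 203.0.113.10/32 range and the all-zero user object ID are placeholders to replace with your own values.

```powershell
# Added example, not from the original thread. Requires the Microsoft.Graph
# PowerShell module and consent for the scopes below.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Named location holding the IP range that may keep using legacy auth.
# 203.0.113.10/32 is a documentation-range placeholder, not a real address.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Legacy auth allowed IPs (example)'
    isTrusted     = $false
    ipRanges      = @(
        @{
            '@odata.type' = '#microsoft.graph.iPv4CidrRange'
            cidrAddress   = '203.0.113.10/32'
        }
    )
}

# Placeholder: object ID of the account the policy targets ("account1").
$userId = '00000000-0000-0000-0000-000000000000'

# Block legacy authentication clients from every location except the one above.
New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = 'Block legacy auth except named location (example)'
    # Report-only first; switch to 'enabled' after reviewing the sign-in logs.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{ includeUsers = @($userId) }
        applications   = @{ includeApplications = @('All') }
        # 'exchangeActiveSync' and 'other' are the legacy-auth client app types.
        clientAppTypes = @('exchangeActiveSync', 'other')
        locations      = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}
```

The location condition is evaluated against the public IP address that the sign-in arrives from, so the named location must contain the egress address of the network, not an internal one.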
Oct 22 2022 02:08 AM