Forum Discussion

Dan-sec-1992's avatar
Dan-sec-1992
Copper Contributor
Oct 19, 2022

Conditional access legacy Auth

Hey,   Is it possible to allow certain IPs to connect via legacy Auth however, block the rest within conditional access policy?   For example block legacy Auth for account1 unless there is a conn...
azure
  • vassilis-MSFT's avatar
    vassilis-MSFT
    Oct 21, 2022

    Hey Dan-sec-1992,

     Conditional Access Policies are a type of nested "if-else" sets in order to control flow of a sign-in and either grant or block access under circumstances.

     

    So, coming back to your question, if you set in the "Conditions" section of your CAP the "Location" property to "Exclude" a named location that you have already preset with the range of your IPs then you should be fine.

     

    Maybe this screenshot will help:

     

    I have checked it and it worked as expected, based on the sign-in logs output, success/failed by adding/removing my home IP.

     

    HTH!

    Vassilis

     

vassilis-MSFT's avatar
vassilis-MSFT
Learn Expert

Hey Dan-sec-1992,

 Conditional Access Policies are a type of nested "if-else" sets in order to control flow of a sign-in and either grant or block access under circumstances.

 

So, coming back to your question, if you set in the "Conditions" section of your CAP the "Location" property to "Exclude" a named location that you have already preset with the range of your IPs then you should be fine.

 

Maybe this screenshot will help:

 

I have checked it and it worked as expected, based on the sign-in logs output, success/failed by adding/removing my home IP.

 

HTH!

Vassilis

 

Dan-sec-1992's avatar
Dan-sec-1992
Copper Contributor
Oct 22, 2022
Really appreciate it, makes perfect sense. Will implement this next week.

Resources