MS currently allows tenant restriction via conditional access policies for both O365 and Azure. Users need P1 at a minimum to get this type of functionality. It seems to me that restricting your O365 tenant based on geography should be a basic security provision and I'm curious if anyone knows of another way without actually subscribing to P1. Even though I agree that MFA should also be in place as a precaution, I'm not looking to that as an answer. Exchange Online allows restriction of mail via geography, why shouldn't the o365 tenant? I really hope MS adds this ability to their basic toolset in the near future, or maybe someone can steer me in a different direction.