Restrict external and Guest access by country / IP

%3CLINGO-SUB%20id%3D%22lingo-sub-1966513%22%20slang%3D%22en-US%22%3ERestrict%20external%20and%20Guest%20access%20by%20country%20%2F%20IP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1966513%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20a%20requirement%20to%20block%20communication%20with%20specific%20countries%20%2F%20allow%20only%20specific%20countries%20due%20to%20regulations%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20get%20the%20IP%20addressed%20of%20the%20users%20that%20we%20have%20access%20as%20external%20users%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20get%20the%20IP%20addressed%20of%20the%20users%20that%20we%20have%20access%20as%20Guest%20users%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1966513%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EGuest%20Access%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHow-to%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1966770%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20external%20and%20Guest%20access%20by%20country%20%2F%20IP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1966770%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F39236%22%20target%3D%22_blank%22%3E%40Yoav%20Crombie%3C%2FA%3E%26nbsp%3BYou%20have%20to%20options%3A%3C%2FP%3E%0A%3CP%3EAzure%20AD%20Access%20Reviews%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fgovernance%2Faccess-reviews-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWhat%20are%20access%20reviews%3F%20-%20Azure%20Active%20Directory%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EThis%20is%20a%20governance%20identity%20feature%26nbsp%3B%3CSPAN%3Eto%20make%20sure%20only%20the%20right%20people%20have%20continued%20access.%20Of%20course%20you%20can%20get%20the%20IP%20addresses%20from%20guest%20users%20in%20the%20Azure%20portal%20(Azure%20Active%20Directory%20-%20Activitiy%20-%20Sign-In%20Logs).%20But%20IP%20addresses%20can%20be%20changed%20by%20VPN%20or%20other%20services%20around%20the%20globe%20and%20it's%20hard%20to%20control%20that.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EFor%20this%20case%2C%20you%20can%20use%20Conditional%20Access%20and%20define%20the%20IP%20range%20(it's%20called%20named%20locations)%20where%20users%20and%2For%20guests%20are%20allowed%20to%20sign-in%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpower-platform%2Fadmin%2Frestrict-access-online-trusted-ip-rules%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EBlock%20access%20by%20location%20with%20Azure%20AD%20Conditional%20Access%20-%20Power%20Platform%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

We have a requirement to block communication with specific countries / allow only specific countries due to regulations

 

Is there a way to get the IP addressed of the users that we have access as external users?

 

Is there a way to get the IP addressed of the users that we have access as Guest users?

 

 

1 Reply

@Yoav Crombie You have two options:

Azure AD Access Reviews: What are access reviews? - Azure Active Directory | Microsoft Docs

This is a governance identity feature to make sure only the right people have continued access. Of course you can get the IP addresses from guest users in the Azure portal (Azure Active Directory - Activitiy - Sign-In Logs). But IP addresses can be changed by VPN or other services around the globe and it's hard to control that.

 

For this case, you can use Conditional Access and define the IP range (it's called named locations) where users and/or guests are allowed to sign-in: Block access by location with Azure AD Conditional Access - Power Platform | Microsoft Docs