SOLVED

Restricting access based on location

%3CLINGO-SUB%20id%3D%22lingo-sub-73943%22%20slang%3D%22en-US%22%3ERestricting%20access%20based%20on%20location%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-73943%22%20slang%3D%22en-US%22%3E%3CP%3EOur%20customer%20has%20a%20requirement%20to%20block%20access%20to%20their%20data%20for%20anyone%20outside%20of%20the%20country.%20At%20the%20moment%20they%20do%20this%20by%20forcing%20users%20with%20company%20supplied%20mobile%20devices%20to%20hand%20them%20back%20to%20the%20company%20when%20travelling%20overseas.%20Are%20there%20any%20polices%20or%20tools%20avaialable%20in%20Office%20365%20that%20will%20help%20them%20acheive%20that%3F%20The%20closest%20I%20can%20see%20is%20the%20conditional%20access%20rules%2C%20but%20this%20would%20be%20difficult%20to%20manage.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-73943%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EInformation%20Protection%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-89870%22%20slang%3D%22en-US%22%3ERe%3A%20Restricting%20access%20based%20on%20location%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-89870%22%20slang%3D%22en-US%22%3EI%20believe%20they've%20interpreted%20a%20legal%20requirement%20for%20data%20sovereignty%20as%20meaning%20no-one%20outside%20the%20country%20can%20access%20the%20data.%20Not%20sure%20how%20accurate%20that%20interpretation%20is.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-87002%22%20slang%3D%22en-US%22%3ERe%3A%20Restricting%20access%20based%20on%20location%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-87002%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20curious%2C%20what%20is%20the%20basis%20for%20that%20type%20of%20requirement%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-73990%22%20slang%3D%22en-US%22%3ERe%3A%20Restricting%20access%20based%20on%20location%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-73990%22%20slang%3D%22en-US%22%3E%3CP%3EWell%2C%20how%20do%20you%20define%20%22outside%20of%20the%20country%22%20in%20this%20scenario%3F%20If%20based%20on%20IP%20(geo-tagging)%2C%20you%20can%20certainly%20use%20Conditional%20access%20by%20adding%20work%20locations%2Ftrusted%20IPs.%20Of%20course%20this%20information%20can%20be%20incorrect%20in%20some%20cases.%20But%20you%20can%20also%20combine%20Conditional%20access%20with%20MFA%20enforcements%20and%20make%20sure%20that%20the%20%22authentication%20phone%22%20is%20one%20that%20can%20only%20be%20dialed%20in%20the%20home%20country%20(no%20roaming).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20in%20general%20there%20is%20no%20%22restrict%20by%20country%22%20setting%20you%20can%20use.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

Our customer has a requirement to block access to their data for anyone outside of the country. At the moment they do this by forcing users with company supplied mobile devices to hand them back to the company when travelling overseas. Are there any polices or tools avaialable in Office 365 that will help them acheive that? The closest I can see is the conditional access rules, but this would be difficult to manage.

 

Dan

3 Replies
best response confirmed by Dan Snape (Frequent Contributor)
Solution

Well, how do you define "outside of the country" in this scenario? If based on IP (geo-tagging), you can certainly use Conditional access by adding work locations/trusted IPs. Of course this information can be incorrect in some cases. But you can also combine Conditional access with MFA enforcements and make sure that the "authentication phone" is one that can only be dialed in the home country (no roaming).

 

But in general there is no "restrict by country" setting you can use.

I'm curious, what is the basis for that type of requirement?

I believe they've interpreted a legal requirement for data sovereignty as meaning no-one outside the country can access the data. Not sure how accurate that interpretation is.