SOLVED

CA policy


I'm trying to create a CA policy that forces MFA for access to the Azure management portal, and the source connection must also be from the US. If I connect from outside the US, I get access. I understand why: it's because I didn't meet all of the requirements. How can I allow access, but only from specific IPs?

I don't want anyone to access the Azure management portal from outside the US. I know I can set up a block rule, but then I can't use things like compliant device or force MFA.

best response confirmed by Skipster311-1 (Frequent Contributor)
Hello, you can do this with two CA policies:
- Policy 1: Grant Access to Azure Management Portal from US IP address with MFA
- Policy 2: Block Access to Azure Management Portal outside IP address

For the IP addresses you can use either "Countries (IP)" or "Trusted locations".
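
Why the single policy let non-US sign-ins through and why adding the block policy closes the gap, as an added example that is not part of the thread or Microsoft's code: a simplified Python model of Conditional Access scoping over dicts shaped like Microsoft Graph `conditionalAccessPolicy` objects. `US_LOCATION` is a placeholder named-location ID, the sign-ins are constructed, and `policy`, `in_scope` and `evaluate` are hypothetical helpers.

```python
# Simplified model of Conditional Access scoping; not Microsoft's evaluation engine.
AZURE_MGMT = "797f4846-ba00-4fd7-ba43-dac1f8f63013"  # Windows Azure Service Management API app ID
US_LOCATION = "us-named-location-id"  # placeholder for a "Countries (IP)" named location ID

def policy(name, include_loc, exclude_loc, controls):
    """Build a dict shaped like a Graph conditionalAccessPolicy (subset of fields)."""
    return {
        "displayName": name,
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": [AZURE_MGMT]},
            "locations": {"includeLocations": include_loc, "excludeLocations": exclude_loc},
        },
        "grantControls": {"operator": "OR", "builtInControls": controls},
    }

# The asker's original setup: one policy, MFA required, scoped to the US location.
SINGLE = [policy("P1: require MFA from US", [US_LOCATION], [], ["mfa"])]
# The accepted answer: keep P1 and add a block for every location except the US.
PAIR = SINGLE + [policy("P2: block outside US", ["All"], [US_LOCATION], ["block"])]

# Constructed sign-ins to the Azure management app.
US = {"app": AZURE_MGMT, "location": US_LOCATION}
ABROAD = {"app": AZURE_MGMT, "location": "other"}

def in_scope(p, signin):
    """Conditions only scope a policy: a sign-in that misses one is not covered by it."""
    cond = p["conditions"]
    loc = cond["locations"]
    if signin["app"] not in cond["applications"]["includeApplications"]:
        return False
    if signin["location"] in loc["excludeLocations"]:
        return False
    return "All" in loc["includeLocations"] or signin["location"] in loc["includeLocations"]

def evaluate(policies, signin):
    """Return 'block', 'mfa required' or 'allow' for one sign-in."""
    controls = {ctl for p in policies if in_scope(p, signin)
                for ctl in p["grantControls"]["builtInControls"]}
    if "block" in controls:  # a block from any in-scope policy wins
        return "block"
    return "mfa required" if "mfa" in controls else "allow"
```

With `SINGLE`, the non-US sign-in matches no policy at all, so nothing is enforced; with `PAIR`, it falls into the block policy while US sign-ins still get the MFA requirement.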