Dec 04 2020
- last edited on
Jan 14 2022
as per the question title - I would like to be able to restrict access to an AAD App registration / Enterprise App so that just a single server or IP can authenticate and use the app.
The App registration is currently set up to use a client secret for access which is called via python. I have tried setting up conditional access policy to restrict to a named location that contained the single IP address but discovered that CA IP restrictions only apply to user authentication and not to programmatic using secrets.
This is something that is being developed so we can be adaptable and reconfigure things is required but Im struggling to find a way to restrict things in this way to be restricted to a single server. The server is currently on premises but we are migrating everything into Azure anyway, so if there is a solution that requires the server to be in Azure , such as creating and using an endpoint for example, that might work also.
I was also trying to look into the possibility of using a certificate instead but wanted to see if an issued certificate could be configured to only work from a single IP or MAC address for added security.
Hopefully someone will have so ideas that can help me with this.
Thanks for any suggestions
Dec 05 2020 08:57 AM
This is not available yet, CAs currently do not apply to app logins.
Dec 08 2020 08:47 AM
Dec 16 2020 08:04 AM
@Thijs Lecomte thanks for the suggestion. We currently do not have sentinel in place but there is an ongoing project planned to set it up so we can look at that then.
Apr 15 2021 07:57 AM - edited Apr 15 2021 08:00 AM
@Vasil Michev Hello, it has been a few months since AppRed restriction by IP has been asked, is this available yet? If not, is it on a roadmap? Is there any other way to restrict by IP other than CA?
Apr 23 2021 06:32 AM
May 24 2022 02:09 PM - edited May 24 2022 02:18 PM
Are there news for that feature? Uservoice link is broken.... ;-(
EDIT have found similar question
Conditional Access for cusotm App Registrations · Community (azure.com)
Please rate :)