We have created a conditional access policy to block all locations except for the UK where we are based. This appeared to be working fine and I could see all the failures in the sign-in log from US, RU etc however I noticed a few successful sign-ins from the US using the method PHS. I checked the IPs in whatsmyip.com and they were from the US. The user was definitely sat at home on this day, in the UK? How could this have occurred? I'm not sure if this a breach or a mis-configuration? TIA, Stuart
OK we've figured this one out, conditional access policies are not supported with legacy authentication apps, like exchange active sync, so we need to block the legacy apps to make this policy effective.