These steps show an example of how to allow/block specific countries/locations from the Conditional Access policy and are based on a policy that BEMO deploys to each tenant during the Identity Protection implementation: Block Traffic from Outside the US.
Traffic Not Allowed From is the Named Location used in the Conditional Access Policy Block Traffic from Outside the US.
Changing the list of countries included in this list will change the countries from which the users can connect.
If you add a country to the list, it will block the sign-ins. If you remove the country from the list, it will allow the sign-ins.
Here are the steps:
- Head over to https://portal.azure.com/ and log in with your Admin account
- Go to the Azure Active Directory page
On the left menu, select the Security Page
Click on Conditional Access
On the left menu, go to Named Locations
Click on the policy "Traffic Not Allowed From"
As a default, the countries will be checked (Note: These boxes being checked means that traffic is not allowed from those places)
Search for the country that you want to allow/exempt from the Conditional Access policy
Uncheck the box from that/those countries and save
Now, the traffic from unchecked countries is allowed
You can do this process as well for blocking countries. Simply check the box of the countries you want to block the access from.
If you have any further questions, please contact us at firstname.lastname@example.org
Please sign in to leave a comment.