Conditional Access: Block access based on country location

Conditional Access policies are enforced after first-factor authentication is completed. Conditional Access is not intended to be an organization's first line of defense for scenarios such as denial-of-service (DoS) attacks, but it can use signals from these events to determine access.

The location condition is commonly used to block access from countries/regions that your organization knows traffic should not come from.

Define locations

Follow these steps:

Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.

Browse to Protection > Conditional Access > Named locations.

Choose the type of location to create: Countries location.

Give your location a name.

Select Countries/Regions for the location you specified.
If you choose Countries/Regions, you can optionally choose to include unknown areas.
Select Create.

We have selected all countries other than Türkiye. This way, we will only be allowing sign-ins from Türkiye.

Create a Conditional Access policy

Follow these steps:

Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.

Browse to Protection > Conditional Access.

Select Create new policy.

Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.

Under Assignments, select Users or workload identities.

Under Include, select All users.
Under Exclude, select Users and groups and choose your organization’s emergency access or break-glass accounts.
Under Target resources > Cloud apps > Include, select All cloud apps.

Under Network:

Set Configure to Yes.
Under Include, select Selected networks and locations.
Select the blocked location you created for your organization.
Click Select.
Under Access controls, select Block Access, and click Select.

Confirm your settings and set Enable policy to Report-only.

Select Create to create your policy.

After administrators confirm the settings using report-only mode, they can move the Enable policy toggle from Report-only to On.

Example
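
The same configuration expressed as Microsoft Graph request bodies, with a pre-enable review of the guardrails from the steps above. This is an added example, not part of the original post. The function names, the shortened country list and the `<...>` ids are assumptions made for illustration.

```python
import json

# Constructed sample; a real run would pass every ISO 3166-1 alpha-2 code.
SAMPLE_COUNTRIES = ["TR", "DE", "US", "GB", "FR", "NL"]
REPORT_ONLY = "enabledForReportingButNotEnforced"

def blocked_location(name, all_countries, allowed, include_unknown=False):
    """Body for POST /identity/conditionalAccess/namedLocations."""
    return {
        "@odata.type": "#microsoft.graph.countryNamedLocation",
        "displayName": name,
        # Everything except the allowed countries goes into the blocked location.
        "countriesAndRegions": sorted(set(all_countries) - set(allowed)),
        "includeUnknownCountriesAndRegions": include_unknown,
    }

def block_policy(name, location_id, break_glass_group_ids):
    """Body for POST /identity/conditionalAccess/policies, created report-only."""
    return {
        "displayName": name,
        "state": REPORT_ONLY,
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeUsers": ["All"],
                      "excludeGroups": list(break_glass_group_ids)},
            "applications": {"includeApplications": ["All"]},
            "locations": {"includeLocations": [location_id]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

def review(policy, location, allowed):
    """Findings to clear before moving the policy from Report-only to On."""
    findings = []
    users = policy["conditions"]["users"]
    if not (users.get("excludeUsers") or users.get("excludeGroups")):
        findings.append("no emergency access account excluded")
    if set(allowed) & set(location["countriesAndRegions"]):
        findings.append("allowed country is inside the blocked location")
    if policy["state"] != REPORT_ONLY:
        findings.append("policy was not created in report-only mode")
    return findings

if __name__ == "__main__":
    loc = blocked_location("Blocked countries", SAMPLE_COUNTRIES, ["TR"])
    # Placeholders: the id Graph returns for the location, and your own group id.
    pol = block_policy("Block sign-ins outside TR", "<named-location-id>",
                       ["<break-glass-group-id>"])
    print(json.dumps([loc, pol], indent=2))
    print(review(pol, loc, ["TR"]))
```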
