Feedback by UserVoice

How can we improve the tenant admin features O365?

Block logins from other countries

It would improve security if we can restrict O365 logins to a specific geographic region. Or exclude specific countries if we identify major hacking attempts from those countries.

2,812 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Gerard shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    154 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • John Bishop commented  ·   ·  Flag as inappropriate

        You gotta love some of these comments, Azure already does this, if you're changing user passwords 35 times a day, you need to enable MFA, you're doing it wrong.

      • Anonymous commented  ·   ·  Flag as inappropriate

        We have bad actors that make multiple attempts daily to break into our tenant. We need the ability to restrict logins/connection to USA locations only!

      • Jonathan Mergy commented  ·   ·  Flag as inappropriate

        We've done all we can with the existing O365 tools but I really need the ability to inhibit any authentication actions by country, IP range, etc. I have servers in China just pegging specific accounts and it's crazy I can't just cut them off.

      • Roel commented  ·   ·  Flag as inappropriate

        Accounts keep getting locked because of hacking attempts from China (MFA prevents any successful attempts, but my account is locked continuously because China tries to login a 1000 times per day).

      • Tom Coglianese commented  ·   ·  Flag as inappropriate

        We desperately need this! Small and medium sized municipalities simply don't have the additional budget for the incremental license upgrades and honestly we had much better control before moving these services off prem!

      • Dennis commented  ·   ·  Flag as inappropriate

        Consider putting your ADFS external portal behind a cloud web application firewall. Then whitelist your firewall.

        Then in your firewall, geoblock locations.

        I have setup Imperva Incapusla, but there are options. Always test first, so consider spinning up a second, identically configured adfs deployment and test.

      • Ibrahim commented  ·   ·  Flag as inappropriate

        Why is this basic security feature not included in all versions of Azure AD? We are already spending a hefty amount with Microsoft's cloud services, this is a must include in all Azure AD levels.

      • Tony commented  ·   ·  Flag as inappropriate

        Using conditional access requires an Azure AD Premium license. We moved to the cloud to save $$ and be more "Secure" so far neither. That's what the sales person fails to tell you...you need $5 per user for this, $2 for that.

      • Ben Bazian commented  ·   ·  Flag as inappropriate

        Blocking IP access and regional access should be a basic option. Should not have to pay an arm and a leg to protect my accounts.

      • Anonymous commented  ·   ·  Flag as inappropriate

        It does fall under Azure Condition Access policies, but is a costly addon I believe.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Doesn't this option fall under Azure Condition Access policies?
        You can restrict access by Device, Application, Network location.
        Simply setup preferred locations or IP addresses and then create a policy that includes all users in the company and add the preferred location on it. Login attempts that are from other IPs or Countries specified by you will be blocked automatically.
        https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
        NOTE: You will need a license for this.

      • Godzilla commented  ·   ·  Flag as inappropriate

        Can we please, block access by region / country? I am tired of resetting user passwords and reporting it to the FBI...

      • Anonymous commented  ·   ·  Flag as inappropriate

        For the love of god, please make office 365 more secure. I have to reset 3-5 users per week that get their accounts hacked. Does microsoft even care anymore??

      • Kevin Kinneer commented  ·   ·  Flag as inappropriate

        I was just looking at our security training presentation. We have a blurb that mentions "Your O365 account can be accessed from anywhere in the world" and suddenly I'm thinking "Wait that's ridiculous." This absolutely should be a base feature.

      ← Previous 1 3 4 5 6 7 8

      Feedback and Knowledge Base