Feedback by UserVoice

How can we improve the tenant admin features O365?

Block logins from other countries

It would improve security if we can restrict O365 logins to a specific geographic region. Or exclude specific countries if we identify major hacking attempts from those countries.

2,598 votes
Gerard shared this idea

    145 comments

      • Tom Coglianese commented

        We desperately need this! Small and medium sized municipalities simply don't have the additional budget for the incremental license upgrades and honestly we had much better control before moving these services off prem!

      • Dennis commented

        Consider putting your ADFS external portal behind a cloud web application firewall. Then whitelist your firewall.

        Then in your firewall, geoblock locations.

        I have set up Imperva Incapsula, but there are options. Always test first, so consider spinning up a second, identically configured ADFS deployment and test.

      • Ibrahim commented

        Why is this basic security feature not included in all versions of Azure AD? We are already spending a hefty amount with Microsoft's cloud services, this is a must include in all Azure AD levels.

      • Tony commented

        Using conditional access requires an Azure AD Premium license. We moved to the cloud to save $$ and be more "Secure" so far neither. That's what the sales person fails to tell you...you need $5 per user for this, $2 for that.

      • Ben Bazian commented

        Blocking IP access and regional access should be a basic option. Should not have to pay an arm and a leg to protect my accounts.

      • Anonymous commented

        It does fall under Azure Conditional Access policies, but is a costly add-on I believe.

      • Anonymous commented

        Doesn't this option fall under Azure Conditional Access policies?
        You can restrict access by Device, Application, Network location.
        Simply set up preferred locations or IP addresses and then create a policy that includes all users in the company and add the preferred location on it. Login attempts that are from other IPs or Countries specified by you will be blocked automatically.
        https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
        NOTE: You will need a license for this.
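
The setup described in the comment above, as an added example that is not part of the original thread: a country-based named location plus a Conditional Access policy that blocks sign-ins from everywhere else, created with the Microsoft Graph PowerShell module. The country codes and the emergency-access account ID are constructed placeholders, and the policy starts in report-only mode so its effect can be reviewed before it blocks anyone.

```powershell
# Added example: sketch of the policy described in the comment above.
# Requires the Microsoft.Graph PowerShell module and a tenant licensed
# for Conditional Access.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Assumptions (constructed values, replace with your own):
$AllowedCountries   = @('US', 'CA')                            # ISO 3166-1 alpha-2 codes
$BreakGlassObjectId = '00000000-0000-0000-0000-000000000000'   # placeholder emergency-access account

# 1. Named location listing the countries sign-ins are expected from.
#    Sign-ins whose country cannot be resolved are NOT treated as allowed.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Allowed sign-in countries'
    countriesAndRegions               = $AllowedCountries
    includeUnknownCountriesAndRegions = $false
}

# 2. Policy: all users, all cloud apps, any location EXCEPT the named
#    location above -> block. The emergency-access account is excluded so
#    a mistake in the location list cannot lock every admin out.
$policy = @{
    displayName   = 'Block sign-ins outside allowed countries'
    state         = 'enabledForReportingButNotEnforced'   # report-only
    conditions    = @{
        users        = @{
            includeUsers = @('All')
            excludeUsers = @($BreakGlassObjectId)
        }
        applications = @{ includeApplications = @('All') }
        locations    = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

After checking the report-only results in the sign-in logs, change `state` to `enabled` to enforce the block. The country is derived from the client IP address, so the policy reduces noise from unexpected regions but does not stop an attacker who connects through an address in an allowed country.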

      • Godzilla commented

        Can we please block access by region / country? I am tired of resetting user passwords and reporting it to the FBI...

      • Anonymous commented

        For the love of god, please make Office 365 more secure. I have to reset 3-5 users per week that get their accounts hacked. Does Microsoft even care anymore??

      • Kevin Kinneer commented

        I was just looking at our security training presentation. We have a blurb that mentions "Your O365 account can be accessed from anywhere in the world" and suddenly I'm thinking "Wait that's ridiculous." This absolutely should be a base feature.

      • Scott Carlow commented

        This should absolutely be considered a basic security setting. Conditional Access policies, and the licensing that ability comes with, shouldn't be necessary to outright deny auth attempts from certain geographical regions.

      • Bob Wilkerson commented

        We can't keep up with the brute force attacks from other countries. We have the Extranet Lockout Policies set but it does not seem to make much of a difference. I can identify countries by the logs but cannot do anything about them.

      • Luc L. commented

        ASAP Please. To help with the internal lockouts, you can enable ExtranetLockout on your ADFS setup.

      • Anonymous commented

        Hi,

        Did we try using smart lockout functionality? For federated domains it is available for Windows Server 2016 and by default enabled for Password Hash synced users.

      • Anonymous commented

        Please add as soon as you can. This is getting to be nuts. I am dealing with brute force attacks every day.

      • Jason Moyer commented

        +1 A customer is dealing with 80 plus lockouts a day because of brute force attacks from foreign countries they don't do any business with...This is the biggest issue for their help desk... Please add this option.

      • Joseph Tullis commented

        Concur. Our small business is also not going to pay for a premium Azure license after having paid for Office 365. This should be enabled by default and then we have to enable sign-ins from other countries if anyone is going to travel abroad. Please fix this Microsoft.
