Block logins from other countries
It would improve security if we can restrict O365 logins to a specific geographic region. Or exclude specific countries if we identify major hacking attempts from those countries.
Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.
That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.
This is clearly an important feature that needs to be added to O365 to improve security of your product.
No brainer here.
This needs to be added yesterday.
you can create a conditional policy in Azure AD P1 that wokrs on trusted devices, domains, or IP address ranges and locations (geographical locations)
Toby Stephenson commented
Have the same issues/need but want to restrict a specific sharepoint site to UK access only
Jeff Noel commented
We are a US-based company. Our only option right now to restrict Sharepoint login to the US (all of it) is to place over 6000 subnet entries in the Device Access list. This is a tad crazy. Please add a Geo-IP filter so we can filter by country.
Roberto Del Vecchio commented
This feature would be great. Blocking countries outside of where your users are should be a standard these days.
Paul Garbett commented
We are also seeing similar behaviour to below and would like to be able to control what countries can login to our tenant,
Drew Turner commented
Have seen a sharp uptick in this since Q1 2017. This feature would be great and should probably be standard for enterprise O365 licensing.
I believe this feature, conditional logins, is available in Azure P2 licenses, but it's expensive.
recommender to use MFA (multi functional authenticator) Build-in Microsoft 365
This would be a great security feature, as it would prevent unauthorized logins from certain countries (similar to spam filtering by region).
This is also something that I would really like to have, We also had someone successfully hack one of our accounts from Nigeria.
Devesh Natalia commented
This is something I would be interested in setting up within my organisation - have Microsoft made this feature available to Office365 customers?
Yes! absolutely. We recently got hacked and are still getting malicious login attempts from...Malaysia. No need to ever let anyone login from Malaysia to our office 365 account.