Block logins from other countries
It would improve security if we can restrict O365 logins to a specific geographic region. Or exclude specific countries if we identify major hacking attempts from those countries.
Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.
That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.
Matt Sokolow commented
This needs to be a thing! Come one Microsoft! over 1 year and a half and we're STILL screaming for this feature! I have thousands of failed login attempts from China, and hundreds from other hacker-friendly countries. It would be ideal if we could block it right from the Audit Log, and also the Suspected Logins sections of O365/Azure.
I see people suggesting using Azure P1 or P2 licenses, but I don't see how this is a solution. Is each customer supposed to add every IP address range for their country as a safe IP location?
Jason Valentine commented
With Microsoft's dedication to security , it does not make sense that this is not an available option in the O365 Tenants.
THIS SHOULD BE STANDARD!!! WE SHOULDN'T HAVE TO PAY EXTRA FOR AZURE AD PREMIUM TO DO THIS!!
impossible travel 2nd sign in Nigeria - OF COURSE ITS IMPOSSIBLE BECAUSE WE HAVE NO ONE THAT TRAVELS THERE!!!
Can we just block Nigeria? Really! That would block 80% of the phishing.
A million times this. I shouldn't be having to explain to customers why the 3rd world hasn't been dropped the banhammer and I'm gonna throw M$FT under the bus every time.
+3, would be very useful to have this feature
We are seeing multiple failed logins from China today. Would be nice to be able to blanket block any IP that Office 365 recognizes as China.
add the feature, we got hacked from Nigeria last night!
Also, MFA is a good substitute and we use this feature for some users which travel and for important accounts like GAA but it is unrealistic to force the population to use MFA at this time. The much touted P2 is expensive venture as stated but overkill for a something as simple as preventing specific IP's to access our tenants.
I have also seen an uptick in unwanted logins to accounts from locations where the users are not located, Has anyone found a way to prevent this very serious issue. I Know Microsoft O365 meets all compliance and in some cases exceed but i would think that this point on this thread challenges the claimed compliance and security (If i worked for a Hospital i would scream HIPA violation) need answers
Such an easy thing to implement, should already be there.
100% Crazy that this is not already an option.
Chris Hoche commented
I think this would be a great option to have as we keep getting compromised accounts from IPs in Lagos, Nigeria.
The one thing I have done though was looks up a list of all IP address blocks used by said country, and created a policy.
Office 365 Cloud App Security > Control > Policies > Create activity policy > Add "Risky IP Addresses" and then under Governance > Enable Suspend User and > Enable Require User to sign in again.
I have created a similar policy to notify me of all "Logons Outside the United States" for selected O365 services.
Works really well IMO.
Jason Emery commented
This would be a great feature. I am told you can do this with Azure AD Premium, but it would seem to be a simple security step that should be available to all O365 tenants no matter the licensing level. Obviously the bad guys can get around it by proxying to a computer in the US or any other country you are not blocking. But like anything security is about layers. If you throw enough of them down, they will move on to easier targets.
Also saw malicious Nigerian login on client email. Appears that Azure AD P2 subscription allows for polcies and reporting around log in location, IP filtering and "suspicious" log in events.
This type of reporting and configuration is clearly available but will almost double the total cost of an E1 or 365 Business Pro Account making it a hard sell.
Google Apps has this out of the box.
Rob Fitzgerald commented
Same, this needs to be added. Yes, some could get around this with a proxy, but it should be an easy addition and it will help increase security.
Same deal...I am seeing fraudulent logins from Nigeria.
This is absolutely necessary, and I'm frankly shocked and dismayed by Microsoft's negligence in not instituting such functionality, especially this long after the introduction of the service.
2FA is quite helpful, but honestly, with or without 2FA, I don't want anyone within certain countries' net blocks to be able to login to our O365 accounts. I don't want to mess with Azure AD or anything else (especially as those solutions aren't really what I want anyway), I simply want to be able to tell Exchange365 that no one with an IP originating in rogue states is allowed to log in, period.
Seriously, this is not a complex or new proposition. I can ban whole countries at a click from /sending/ me mail, why can't I block them from login?