Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
This would be a great feature. I am told you can do this with Azure AD Premium, but it would seem to be a simple security step that should be available to all O365 tenants no matter the licensing level. Obviously the bad guys can get around it by proxying to a computer in the US or any other country you are not blocking. But like anything security is about layers. If you throw enough of them down, they will move on to easier targets.
I agree. I know this can be done with Azure AD Premium but this would seem to be a basic functional feature. I would like to see the ability to set this per user or group. There are many folks in our environment that do not need access to our O365 tenant outside the corporate network. This would be a very simple and effective security and labor control setting.
I believe this should be available either with Azure AD basic and/or to allow the login time restrictions to pass into O365 from AD via DirSync. I don't believe you should have to purchase Azure AD Premium for simple control policies.
I agree. We have labor issues to address and I believe this has security ramifications also. Ideally I would like to see the local AD time restrictions pass into O365 from the AD sync tool.
I agree, this is a very useful feature and is something most of mail providers support.
6 votesJason Emery shared this idea ·
I agree, having MFA for global admin accounts is a great way to increase security. However, it is very hobbled in it's functionality. You need to be able to support it across the entire O365 environment. So many things have to be done via powershell that we find ourselves turning it on and off, or just leaving it off many times for global admins.