Block Countries Using Conditional Access

This Entra ID Conditional Access blog post will show how to block specific countries from logging in to Microsoft 365 apps and services.

Entra ID Conditional Access policies allow us to limit access to Microsoft 365 resources by setting rules and conditions. ACs are like firewall rules for identity management.

To block access from specific countries, we must create a country list and then a conditional access policy.

Create a Block List

The first step in creating a block countries policy is to create a list of countries we need to block. To create a list, Open Entra ID

Click on Security

Click Named locations

Create a new list with only the country or countries you need to block.

Once you have the list ready, it is time to create a conditional access policy.

Block Countries

To create a CA policy that blocks countries in our list, create a new CA and include all users (set under Users).

Under Target resources, select All Cloud apps.

Click on Conditions and click on Locations.

Select Yes and set the selected location to the location list we created before, as shown below.

To make the policy block access from the location in the list. Click on Access controls, and under Grant, select Block access as shown below.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.