This Entra ID Conditional Access blog post will show how to block specific countries from logging in to Microsoft 365 apps and services.
Entra ID Conditional Access policies allow us to limit access to Microsoft 365 resources by setting rules and conditions. ACs are like firewall rules for identity management.
To block access from specific countries, we must create a country list and then a conditional access policy.
Create a Block List
The first step in creating a block countries policy is to create a list of countries we need to block. To create a list, Open Entra ID
Click on Security
Click Named locations
Create a new list with only the country or countries you need to block.
Once you have the list ready, it is time to create a conditional access policy.
To create a CA policy that blocks countries in our list, create a new CA and include all users (set under Users).
Under Target resources, select All Cloud apps.
Click on Conditions and click on Locations.
Select Yes and set the selected location to the location list we created before, as shown below.
To make the policy block access from the location in the list. Click on Access controls, and under Grant, select Block access as shown below.