Situation: the client would like to restrict access to Azure administration portals to known IP addresses (their company public IP addresses) only.
Step 1: Created a Named Location.
- Login Azure portal.
- Click on Active Directory.
3. Click Security on the left pane.
4. Click on Named location on the left.
5. Click on IP ranges Location.
6. Enter the Name and then click on +.
7. Enter the IP range you want to use and click Add.
8. You can add as many IP addresses as you want. Then click Create.
Step 2: Create a Conditional Access Policy
- Under Security, select Condition Access.
2. Click + New policy.
3. Enter the policy name.
Step 3: Modify Assignments
- Click on Users or workload identities.
Under Include, check All users.
To exclude yourself from this policy, click on Exclude. Add users or groups who will be excluded from this policy.
2. Click on Cloud Apps or Action
Under Cloud apps, Select apps. In our example, Microsoft Azure Management.
Click on Conditions.
Click on Locations.
Under Include, check Any Location.
Click on Exclude, then select the IP Range you create on step 1.
Step 4: Save and test.