Create a conditional access policies for Block access by location

Define locations

1. Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
2. Browse to Azure Active Directory > Security > Conditional Access > Named locations.
3. Choose New location.
4. Give your location a name.
5. Choose IP ranges if you know the specific externally accessible IPv4 address ranges that make up that location or Countries/Regions.
   Provide the IP ranges or select the Countries/Regions for the location you are specifying.
   • If you choose Countries/Regions, you can optionally choose to include unknown areas.
6. Choose Save

Create a Conditional Access policy

1. Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
2. Browse to Azure Active Directory > Security > Conditional Access.
3. Select New policy.
4. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
5. Under Assignments, select Users and groups
   1. Under Include, select All users.
   2. Under Exclude, select Users and groups and choose your organization’s emergency access or break-glass accounts.
   3. Select Done.
6. Under Cloud apps or actions > Include, and select All cloud apps.
7. Under Conditions > Location.
   1. Set Configure to Yes
   2. Under Include, select Selected locations
   3. Select the blocked location you created for your organization.
   4. Click Select.
8. Under Access controls > select Block Access, and click Select.
9. Confirm your settings and set Enable policy to Report-only.
10. Select Create to create to enable your policy.