Implementing Azure Conditional Access Policies for Geographic Security

Understanding Geographic-Based Access Controls

Geographic-based access controls are crucial for organizations looking to maintain compliance with international regulations or enhance security by removing some low-hanging fruit. One specific use case is blocking access from OFAC-sanctioned countries while allowing access from trusted locations.

Implementation Steps

1. Create a Report-Only Policy

First, create a policy in report-only mode to assess impact:

  - Navigate to Azure Portal > Azure AD > Security > Conditional Access
  - Create a new policy
  - Configure the following settings:
      Users and groups: All users
      Cloud apps or actions: All cloud apps
      Conditions: Locations > Configure > Selected locations
      Access controls: Block access
      Enable policy: Report-only

2. Configure Location Conditions

Create a list of blocked locations: ...

2 min · Me

Securing Azure Infrastructure: Implementing Essential Security Policies

Introduction

Securing Azure infrastructure requires implementing multiple layers of security controls. This post walks through implementing essential security policies to protect your Azure environment.

Preventing Public Blob Storage Access

One common security risk is accidentally exposing blob storage containers publicly. Azure Policy can prevent this:

  - Navigate to Azure Policy
  - Search for the built-in policy "Configure your Storage account public access to be disallowed"
  - Assign the policy at your desired scope (subscription or management group)
  - Set the effect to "Deny" to prevent creation of public containers

    {
      "properties": {
        "displayName": "Prevent Public Blob Access",
        "policyType": "BuiltIn",
        "mode": "All",
        "parameters": {},
        "policyRule": {
          "if": {
            "allOf": [
              {
                "field": "type",
                "equals": "Microsoft.Storage/storageAccounts"
              },
              {
                "field": "Microsoft.Storage/storageAccounts/allowBlobPublicAccess",
                "equals": "true"
              }
            ]
          },
          "then": {
            "effect": "deny"
          }
        }
      }
    }

Implementing Conditional Access Policies

Admin Role Protection

Secure privileged accounts with dedicated conditional access policies: ...

2 min · Me