{"id":31965,"date":"2022-06-27T16:02:12","date_gmt":"2022-06-27T10:32:12","guid":{"rendered":"https:\/\/www.inogic.com\/blog\/?p=31965"},"modified":"2022-06-28T16:36:28","modified_gmt":"2022-06-28T11:06:28","slug":"use-of-conditional-access-to-reduce-unauthorized-access-to-dynamics-365-crm-by-location-or-ip","status":"publish","type":"post","link":"https:\/\/www.inogic.com\/blog\/2022\/06\/use-of-conditional-access-to-reduce-unauthorized-access-to-dynamics-365-crm-by-location-or-ip\/","title":{"rendered":"Use of \u2018Conditional Access\u2019 to reduce unauthorized access to Dynamics 365 CRM by location or IP"},"content":{"rendered":"<h2><strong>Introduction<\/strong><\/h2>\n<p>Data breaches and unauthorized access are two of the prime headaches for any Dynamics 365 CRM Administrator. Sometimes, there can arise a situation where we want to block access of CRM to a specific location. This can be done using \u2018Conditional access\u2019 in Azure Portal. Below are the <a href=\"https:\/\/azure.microsoft.com\/en-us\/free\/\" target=\"_blank\" rel=\"noopener\">pre-requisites<\/a> for the same:<\/p>\n<ul>\n<li>A subscription to Azure Active Directory Premium<\/li>\n<li>A federated Azure Active Directory tenant<\/li>\n<\/ul>\n<p>Once you make sure you have the above requirements, follow the below steps to achieve conditional access.<\/p>\n<p>This can be done with two different ways \u2013<\/p>\n<ol>\n<li>By selecting a set of or any specific country.\n<ol>\n<li>This can be used when we want to block the access to CRM from a specific country to make data more secure.<\/li>\n<\/ol>\n<\/li>\n<li>By restricting a specific IP address range.\n<ol>\n<li>This can be used when we want to block the access to CRM from a specific Public IP address domain.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>So first, let\u2019s see how to restrict by selecting a set of or any specific country.<\/p>\n<p>1. Log-In to the <a href=\"https:\/\/portal.azure.com\/#home\" target=\"_blank\" rel=\"noopener\">Azure Portal<\/a>.<\/p>\n<p>2. In Services, search for Azure AD Conditional Access.<\/p>\n<p>3. The conditional access works on two things \u2013<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Named Locations<\/li>\n<li>Policies which consist of the above mentioned Named Locations<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>4. So, head over to the Named locations first.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31956\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1conditional-access.jpeg\" alt=\"conditional access\" width=\"1920\" height=\"924\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1conditional-access.jpeg 1920w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1conditional-access-300x144.jpeg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1conditional-access-1024x493.jpeg 1024w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1conditional-access-768x370.jpeg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1conditional-access-1536x739.jpeg 1536w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1conditional-access-660x318.jpeg 660w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>5. For demonstration purpose, we are blocking access from country Argentina.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31957\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/2conditional-access.jpeg\" alt=\"conditional access\" width=\"1920\" height=\"960\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/2conditional-access.jpeg 1920w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/2conditional-access-300x150.jpeg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/2conditional-access-1024x512.jpeg 1024w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/2conditional-access-768x384.jpeg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/2conditional-access-1536x768.jpeg 1536w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/2conditional-access-660x330.jpeg 660w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>6. After creating a new location, click on Policies -&gt; New Policy.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31958\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/3conditional-access.jpeg\" alt=\"conditional access\" width=\"1920\" height=\"964\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/3conditional-access.jpeg 1920w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/3conditional-access-300x151.jpeg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/3conditional-access-1024x514.jpeg 1024w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/3conditional-access-768x386.jpeg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/3conditional-access-1536x771.jpeg 1536w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/3conditional-access-660x331.jpeg 660w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>7. While creating a new policy, you can select to block either All Users or any number of particular users or azure group.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31959\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/4conditional-access.jpeg\" alt=\"conditional access\" width=\"642\" height=\"698\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/4conditional-access.jpeg 642w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/4conditional-access-276x300.jpeg 276w\" sizes=\"(max-width: 642px) 100vw, 642px\" \/><\/p>\n<p>8. In the next step, choose which cloud apps should be blocked. Here, you can select either all cloud apps or any number of particular cloud apps. Here, I\u2019m selecting Common Data Service (which will block out CRM access). Under \u2018Enable Policy\u2019, select \u2018On\u2019 and click on \u2018create\u2019, as shown in the below screenshot:<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31960\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/5conditional-access.jpeg\" alt=\"conditional access\" width=\"1920\" height=\"958\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/5conditional-access.jpeg 1920w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/5conditional-access-300x150.jpeg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/5conditional-access-1024x511.jpeg 1024w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/5conditional-access-768x383.jpeg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/5conditional-access-1536x766.jpeg 1536w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/5conditional-access-660x329.jpeg 660w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>9. In the conditions, select the location that we recently created.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31961\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/6conditional-access.jpeg\" alt=\"conditional access\" width=\"940\" height=\"476\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/6conditional-access.jpeg 940w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/6conditional-access-300x152.jpeg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/6conditional-access-768x389.jpeg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/6conditional-access-660x334.jpeg 660w\" sizes=\"(max-width: 940px) 100vw, 940px\" \/><\/p>\n<p>10. Go to <strong>Access controls<\/strong> -&gt; Under \u2018<strong>Grant\u2019<\/strong>, select <strong>Block access<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31962\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/7conditional-access.jpeg\" alt=\"conditional access\" width=\"1920\" height=\"959\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/7conditional-access.jpeg 1920w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/7conditional-access-300x150.jpeg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/7conditional-access-1024x511.jpeg 1024w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/7conditional-access-768x384.jpeg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/7conditional-access-1536x767.jpeg 1536w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/7conditional-access-660x330.jpeg 660w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>11. After successful creation, you will get the below notification:<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31963\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/8conditional-access.jpeg\" alt=\"conditional access\" width=\"353\" height=\"123\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/8conditional-access.jpeg 353w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/8conditional-access-300x105.jpeg 300w\" sizes=\"(max-width: 353px) 100vw, 353px\" \/><\/p>\n<p>12. Now, when a user will try to access the CRM from Argentina, an error message will be shown as below:<\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31964\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/9conditional-access.jpeg\" alt=\"conditional access\" width=\"541\" height=\"557\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/9conditional-access.jpeg 541w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/9conditional-access-291x300.jpeg 291w\" sizes=\"(max-width: 541px) 100vw, 541px\" \/><\/p>\n<p>Now, we will see how to restrict by a specific IP address range.<\/p>\n<ol>\n<li>Log-In to the <a href=\"https:\/\/portal.azure.com\/#home\" target=\"_blank\" rel=\"noopener\">Azure Portal<\/a>.<\/li>\n<li>In Services, search for Azure AD Conditional Access.<\/li>\n<li>Head over to the Named locations first.<\/li>\n<\/ol>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31953\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/10conditional-access.jpeg\" alt=\"conditional access\" width=\"1920\" height=\"924\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/10conditional-access.jpeg 1920w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/10conditional-access-300x144.jpeg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/10conditional-access-1024x493.jpeg 1024w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/10conditional-access-768x370.jpeg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/10conditional-access-1536x739.jpeg 1536w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/10conditional-access-660x318.jpeg 660w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<ol start=\"4\">\n<li>In case of blocking access using IP address, follow the steps given below:<\/li>\n<\/ol>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31952\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/11conditional-access.jpeg\" alt=\"conditional access\" width=\"1920\" height=\"968\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/11conditional-access.jpeg 1920w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/11conditional-access-300x151.jpeg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/11conditional-access-1024x516.jpeg 1024w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/11conditional-access-768x387.jpeg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/11conditional-access-1536x774.jpeg 1536w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/11conditional-access-660x333.jpeg 660w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<ol start=\"5\">\n<li>And while creating Policy, select the location we created in step 4 (Suspicious IP Range).<\/li>\n<\/ol>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31954\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/12conditional-access.jpeg\" alt=\"conditional access\" width=\"940\" height=\"472\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/12conditional-access.jpeg 940w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/12conditional-access-300x151.jpeg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/12conditional-access-768x386.jpeg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/12conditional-access-660x331.jpeg 660w\" sizes=\"(max-width: 940px) 100vw, 940px\" \/><\/p>\n<ol start=\"6\">\n<li>Now, when a user will try to access the CRM from the specific IP range, an error message will be shown as below:<\/li>\n<\/ol>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-31955\" style=\"border: 1px solid #0a0a0a; padding: 1px; margin: 1px;\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/13conditional-access.jpeg\" alt=\"conditional access\" width=\"475\" height=\"906\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/13conditional-access.jpeg 475w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/13conditional-access-157x300.jpeg 157w\" sizes=\"(max-width: 475px) 100vw, 475px\" \/><\/p>\n<h2><strong>Conclusion<\/strong><\/h2>\n<p>In this way, you can easily restrict access from a specific country or a group of IP addresses from accessing any or all of your global apps.<\/p>\n<p><a href=\"https:\/\/www.inogic.com\/product\/productivity-apps\/user-adoption-monitor-in-dynamics-crm\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"alignnone wp-image-31971\" src=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1-1.jpg\" alt=\"\" width=\"852\" height=\"213\" srcset=\"https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1-1.jpg 800w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1-1-300x75.jpg 300w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1-1-768x192.jpg 768w, https:\/\/www.inogic.com\/blog\/wp-content\/uploads\/2022\/06\/1-1-660x165.jpg 660w\" sizes=\"(max-width: 852px) 100vw, 852px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Data breaches and unauthorized access are two of the prime headaches for any Dynamics 365 CRM Administrator. Sometimes, there can arise a situation where we want to block access of CRM to a specific location. This can be done using \u2018Conditional access\u2019 in Azure Portal. Below are the pre-requisites for the same: A subscription\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.inogic.com\/blog\/2022\/06\/use-of-conditional-access-to-reduce-unauthorized-access-to-dynamics-365-crm-by-location-or-ip\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-31965","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/31965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/comments?post=31965"}],"version-history":[{"count":0,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/posts\/31965\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/media?parent=31965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/categories?post=31965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inogic.com\/blog\/wp-json\/wp\/v2\/tags?post=31965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}