Tag: Azure

(Azure) Limit Device Domain Joining Azure AD to Administrators

Log in to Azure or launch the Azure portal.

Head over to Azure Active Directory.

Select Devices.

Select Device Settings.

Set it to selected users.

Require Multi-Factor Auth if you have set this up.

Note*

The “Users may register devices with Azure AD” setting is required for 365 registration and Microsoft Intune enrollment. If you have configured these, the setting will be unavailable to change.

There is another setting below that lets you select the maximum number of devices joined per user, or unlimited.


(Azure) Block Foreign Signins

This rule will help secure your environment against sign-ins from foreign countries that your business does not operate in.

Create a Conditional Access policy.
Under locations, specify which countries you operate in.
Check the box for “Include unknown areas”. The reason for this is that Microsoft does not detect the location from IPv6 (yet), so checking this box allows those sign-ins. Attacks carried out via IPv6 are much rarer. In “Named Locations” you can opt into the preview, which allows you to whitelist IPv6 ranges. You would likely have to contact your company’s mobile provider for their ranges if you use this.
Under policy rules, set access controls to “Block”, include all, and exclude your locations.

When team members travel out of country, have them notify IT so you can create an exclusion under “Users and groups”.
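
The same policy can be created from a script. This is an added example, not part of the original post; it assumes the Microsoft Graph PowerShell SDK is installed, and the country codes, display names and travel-exception group ID are placeholders. It creates the policy in report-only mode, so the sign-in logs can be reviewed before it is enforced.

```powershell
# Added example. Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Named location listing the countries you operate in.
# 'US' and 'CA' are placeholder ISO 3166-1 alpha-2 codes; replace with your own.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'Operating countries'      # placeholder name
    countriesAndRegions               = @('US', 'CA')
    includeUnknownCountriesAndRegions = $true   # the "Include unknown areas" checkbox
}

# Placeholder: object ID of a group holding users who are currently travelling.
# Using a group for the "Users and groups" exclusion is an assumption of this example.
$travelGroupId = '<object-id-of-travel-exception-group>'

$policy = @{
    displayName = 'Block sign-ins outside operating countries'     # placeholder name
    # Report-only: logs what would be blocked without blocking it.
    # Change to 'enabled' once the sign-in logs show no unexpected matches.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('All') }
        users          = @{
            includeUsers  = @('All')
            excludeGroups = @($travelGroupId)
        }
        locations      = @{
            includeLocations = @('All')            # include all locations...
            excludeLocations = @($location.Id)     # ...except the countries above
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```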
