I'm looking for a method to automatically lock a user account if a login attempt is detected from outside of the country. I realize that attackers can use VPNs to disguise their location, but having this feature would still be beneficial. Ideally, I want to restrict logins to just one state for most users, with a few exceptions for those who need multi-state access. Any suggestions? Thanks!
2 Answers
You might want to consider using Microsoft’s Impossible Travel policy. You can find this option in the Defender Portal. Once set up, it can automatically suspend accounts if it detects logins from locations that are impossible in a short time frame, which is really great for catching those VPN users quickly.
One option is to set up Conditional Access (CA) rules to block sign-ins from outside the U.S. This can help prevent unauthorized access, as it cuts off potential entry points for attackers.
Thanks for the tip! I'm going to check out the Impossible Travel policy and see how it can work for us.