I'm looking for a way to automatically lock a user account if there's a login attempt detected from outside the country. I realize that hackers can use VPNs to mask their locations, but having this feature would be really useful. Specifically, I'd like to restrict logins primarily to one state for most users while accommodating a few multi-state users. Any guidance would be appreciated!
3 Answers
You might consider using Conditional Access (CA) to block any sign-ins from outside the U.S. That way, you can set restrictions based on geographical locations right from the start.
Have you looked into using Log Analytics and Sentinel with Alert Rules? If you set a policy based on risk assessment, it should help you block unauthorized access effectively.
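The per-user location check that an alert rule like the one suggested above has to encode, sketched in Python as an added example that is not part of the original answer. Field names follow the Microsoft Graph signIn resource; the users, states, IP addresses and records are constructed, and acting on a finding (alerting or disabling the account) is left out.

```python
# Added example: policy values and sign-in records are constructed.
ALLOWED_COUNTRY = "US"
DEFAULT_STATES = {"Ohio"}  # hypothetical home state for most users
MULTI_STATE_USERS = {      # hypothetical per-user exceptions
    "field.rep@contoso.example": {"Ohio", "Kentucky", "Indiana"},
}

# Constructed records; field names follow the Microsoft Graph signIn resource.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "createdDateTime": "2024-05-01T13:02:11Z",
     "ipAddress": "198.51.100.10", "location": {"countryOrRegion": "US", "state": "Ohio"}},
    {"userPrincipalName": "alice@contoso.example", "createdDateTime": "2024-05-01T13:40:52Z",
     "ipAddress": "203.0.113.77", "location": {"countryOrRegion": "DE", "state": "Hessen"}},
    {"userPrincipalName": "bob@contoso.example", "createdDateTime": "2024-05-01T14:05:00Z",
     "ipAddress": "198.51.100.23", "location": {"countryOrRegion": "US", "state": "Kentucky"}},
    {"userPrincipalName": "Field.Rep@contoso.example", "createdDateTime": "2024-05-01T14:30:19Z",
     "ipAddress": "198.51.100.41", "location": {"countryOrRegion": "US", "state": "Kentucky"}},
    {"userPrincipalName": "carol@contoso.example", "createdDateTime": "2024-05-01T15:12:45Z",
     "ipAddress": "192.0.2.5", "location": {}},
]

def classify(signin):
    """Return None for an in-policy sign-in, otherwise a finding label."""
    loc = signin.get("location") or {}
    country = (loc.get("countryOrRegion") or "").upper()
    state = (loc.get("state") or "").strip()
    if not country:
        return "unknown_location"   # IP could not be geolocated: review manually
    if country != ALLOWED_COUNTRY:
        return "outside_country"    # the case the question wants to lock on
    if not state:
        return "unknown_location"
    # UPNs are case-insensitive, so normalise before the exception lookup.
    allowed = MULTI_STATE_USERS.get(signin["userPrincipalName"].lower(), DEFAULT_STATES)
    if state.casefold() not in {s.casefold() for s in allowed}:
        return "outside_state"      # in-country but outside the user's allowed states
    return None

def findings(signins):
    """Collect (user, time, ip, label) for every out-of-policy sign-in."""
    return [(s["userPrincipalName"], s["createdDateTime"], s["ipAddress"], label)
            for s in signins if (label := classify(s))]

if __name__ == "__main__":
    for row in findings(SAMPLE_SIGNINS):
        print(*row, sep="  ")
```

Keeping `unknown_location` separate from `outside_country` avoids locking an account only because an IP address could not be geolocated.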
There's a feature called the Impossible Travel policy you can enable. In the Microsoft Defender portal, go to Cloud Apps, then Policies, and set up the "Impossible Travel" Policy Template. This can automatically suspend user accounts if it detects unusual sign-in locations. Just keep in mind it might take a few days for Microsoft to learn your users' normal sign-in behavior, but it can be very effective!
Thank you! This is a helpful start.