Understanding Trusted Locations in Conditional Access Policies

Asked By CuriousCat99 On

Hey everyone! I'm a bit confused about how Entra defines a 'trusted location' in the context of Conditional Access policies. For example, I'm trying to block access from a specific network but allow access from external networks. I set it to block all networks and locations while excluding 'All Trusted networks and locations'. This works, but I still get blocked when trying to access from a named location because it's not recognized as trusted. Can someone clarify how Entra determines what qualifies as a trusted location or network?

4 Answers

Answered By NetworkNinja88 On

To ensure a named location is trusted, you need to define the IP range for that named location and also check the box to mark it as a trusted location. If you don't do that, Entra won't recognize it as trusted.

Answered By QueryMaster77 On

But isn't it considered a bad practice to mark named locations as trusted? It feels risky.

Answered By SecureServer99 On

Entra doesn’t decide what's trusted by itself. A location is only marked as trusted when you create a named location with its IP ranges and tick the 'Mark as trusted location' option. If that option isn’t selected, even if the IP range is listed, it won’t be treated as trusted, which is why blocking all locations while excluding trusted ones may still block your access.

Answered By TechyTed42 On

So just to clarify, all trusted locations are considered named locations, but not every named location is automatically trusted. You have to specifically mark a named location as trusted for it to be recognized as such.
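The behaviour described in the answers above, as an added example that is not part of the original thread: a simplified Python model of a block policy that includes all locations and excludes all trusted ones. The field names `isTrusted`, `ipRanges` and `cidrAddress` follow Microsoft Graph's `ipNamedLocation` resource; the location names, IP ranges and the evaluation function are constructed for illustration and cover only the trusted flag discussed here.

```python
import ipaddress

# Constructed sample shaped like Microsoft Graph ipNamedLocation objects.
# Display names and documentation-range IPs are made up for this example.
NAMED_LOCATIONS = [
    {"displayName": "HQ office", "isTrusted": True,
     "ipRanges": [{"cidrAddress": "203.0.113.0/24"}]},
    {"displayName": "Branch office", "isTrusted": False,  # box left unticked
     "ipRanges": [{"cidrAddress": "198.51.100.0/24"},
                  {"cidrAddress": "2001:db8:10::/48"}]},
]

# The policy from the question: block, include "All", exclude "AllTrusted".
POLICY = {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}


def matching_locations(ip, locations):
    """Return the named locations whose IP ranges contain ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for loc in locations:
        for rng in loc["ipRanges"]:
            net = ipaddress.ip_network(rng["cidrAddress"], strict=False)
            if addr.version == net.version and addr in net:
                hits.append(loc)
                break
    return hits


def is_blocked(ip, policy=POLICY, locations=NAMED_LOCATIONS):
    """Simplified model of the location condition of a block policy."""
    hits = matching_locations(ip, locations)
    # Being inside a named location is not enough; the flag must be set.
    trusted = any(loc["isTrusted"] for loc in hits)
    included = "All" in policy["includeLocations"]
    excluded = "AllTrusted" in policy["excludeLocations"] and trusted
    return included and not excluded


def explain(ip):
    hits = matching_locations(ip, NAMED_LOCATIONS)
    names = [f'{l["displayName"]} (trusted={l["isTrusted"]})' for l in hits]
    verdict = "BLOCKED" if is_blocked(ip) else "allowed"
    return f"{ip}: {verdict}; named locations: {names or 'none'}"


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.20", "2001:db8:10::5", "192.0.2.44"):
        print(explain(ip))
```

Running the same check over an export of a tenant's named locations shows which defined ranges would still be blocked by an "exclude all trusted" policy because the flag was never set.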
