Sundas Mushtaq

Reputation: 121

Restrict Access to Active Directory based on IP range

I need to restrict access to an Active Directory application based on a fixed IP address range. For this, I saw an option in the configuration of Active Directory to add an IP address range.

IP Address range option

I tried restricting the IP address this way, then tried to access Active Directory from another IP address (not in this range), and it got access to Active Directory.

Is there any other way to do this? Any help will be appreciated.

Thanks.

Upvotes: 1

Views: 1113

Answers (1)

Nan Yu

Reputation: 27538

Please see this document and refer to the explanation on the portal:

Adding your organization's public address ranges ensures that, going forward, users signing in from these IP addresses will NOT be flagged in the "Sign ins from multiple geographies" and "Sign ins from IP addresses with suspicious activity" reports.

So adding your organization's public address ranges can't be used to restrict access to an Active Directory application based on an IP address range. To achieve that, you could try to use location-based access rules (needs Azure Active Directory Premium). Please refer to the config steps below:

  1. Go to the configure page of the app for which you want to configure the access rules.
  2. Enable the access rules, choose "Block access when not at work" (users trying to access the application from outside your corporate network will not be able to access the application), and click the link to edit your work network location.
  3. Set trusted IPs in the service setting tab.
  4. Click the save button on both the service setting page and the app configure page.
  5. When you try to access the above app from an untrusted IP, you will be blocked.

Upvotes: 1
