Contact Us

    Blocking Access Outside Australia for M365 tenancy with Conditional Access Policy


    Microsoft 365 (M365) offers a powerful suite of cloud-based productivity tools for organizations worldwide. However, ensuring the security of your M365 tenancy is crucial, especially when it comes to controlling access from specific geographic locations. In this blog post, we will guide you through the process of blocking access to your M365 tenancy from outside Australia using a Conditional Access Policy. By implementing this policy, you can enhance your data security and compliance measures, protecting sensitive information and mitigating potential risks.

    Step 1: Understanding Conditional Access Policies

    Conditional Access Policies in M365 allow you to define specific requirements for accessing your organization’s resources. By leveraging these policies, you can enforce additional security measures based on factors such as user location, device compliance, and user risk level. We’ll focus on the location-based access restriction aspect in this guide.

    Step 2: Assessing Your Requirements

    Before implementing the policy, it’s crucial to determine your specific needs. In this case, you want to restrict access to your M365 tenancy to users within Australia only. Consider the following questions:

    1. Are there any legitimate scenarios where users outside Australia would require access to your M365 tenancy?
    2. Are there any specific user groups or roles that should be exempted from this restriction?
    3. What is the potential impact of blocking access to users outside Australia?

    By answering these questions, you can fine-tune your policy to align with your organization’s needs while minimizing disruption.

    Step 3: Creating a Conditional Access Policy

    Now that you have a clear understanding of your requirements, follow these steps to create a Conditional Access Policy:

    1. Log in to the Microsoft 365 Security & Compliance Center using administrator credentials.
    2. Navigate to the “Security & Compliance” dashboard and select “Threat management” from the sidebar.
    3. Choose “Policy” and then “Conditional Access.”
    4. Click on “New Policy” to start creating a new policy.
    5. Provide a suitable name for your policy, such as “Restrict Access to M365 Tenancy – Australia Only.”
    6. In the “Users and Groups” section, select the user groups or roles to which you want to apply the policy.
    7. In the “Cloud apps or actions” section, specify the M365 applications or resources you want to restrict.
    8. Under “Conditions,” click on “Locations.”
    9. Choose the “+ Include” button and select “All trusted locations.”
    10. In the location picker, remove the default “Any location” option and add “Australia” as the included location.
    11. Save the policy.

    Step 4: Testing and Fine-Tuning

    After saving the policy, it’s essential to conduct thorough testing before enforcing it for all users. Test the policy with a small group of users to ensure that access is correctly restricted for users outside Australia while allowing access to authorized users within the specified location. Monitor any feedback or issues encountered during this phase, and make adjustments if necessary.

    Step 5: Enforcing the Policy

    Once you are satisfied with the test results, you can apply the policy to all relevant users or user groups. Monitor the access logs regularly to ensure that access attempts from outside Australia are blocked, and maintain an open channel for users to report any access issues that may arise.


    Implementing a Conditional Access Policy to block access to your M365 tenancy from outside Australia adds an extra layer of security and helps protect your organization’s data and resources. By following the steps outlined in this blog post, you can easily configure this policy to align with your specific requirements. Remember to regularly review and update your policies as your organization’s needs evolve, and stay vigilant in safeguarding your M365 tenancy from unauthorized access.

    (Note: The steps provided are based on the general process of creating a Conditional Access Policy in M365. It’s important to refer to Microsoft’s official documentation and consult with your IT team to ensure accurate implementation based on your specific environment and requirements.)