ms365 -2

How to Geolock an Office 365 tenancy to only be accessible from one country

First go to

1. Next, go to Protection > Conditional Access > Named Locations

2. Next click ‘+ Countries location’

3. Name the ‘New location’ as ‘Approved Countries’

4. Tick the countries you need to ‘approve’ and click ‘Create’

5. Next, go to ‘Policies’

6. Click ‘New policy’ and name the policy ‘Block access from other countries’

7. Next, assign this to all users (Make sure to exclude both admin accounts, as this is good practice)

8. Next, click ‘Target resources and include ‘All cloud apps’

9. Next, click Conditions and change ‘Locations’ to ‘Configure: Yes’ and exclude the ‘Approved countries’ we made earlier.

10. Next, click Conditions > Client apps and configure the below:

11. Next, click Conditions > Filters for devices and configure the below:

This makes it so if the device is compliant in Intune, they can access O365 from any country


For more useful knowledge base articles, valuable insights, and in-depth blogs, head to our Knowledge centre.

Whether you need information on security best practices, the latest trends in telecommunications or comprehensive IT knowledge, our Knowledge Centre has been put together to keep you informed and ahead of the curve. 

Share this post