Azurecloud~30 mins

Conditional access policies in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Create a Conditional Access Policy in Azure

📖 Scenario: You are an IT administrator for a company. You want to create a conditional access policy in Azure Active Directory to control access to company resources based on user location.

🎯 Goal: Build a conditional access policy that blocks access from all locations except trusted IP ranges.

📋 What You'll Learn

Create a dictionary called policy with the policy name and state

Add a list called trusted_locations with specific IP ranges

Add a condition in policy to include only trusted locations

Set the access control to block access from non-trusted locations

💡 Why This Matters

🌍 Real World

Conditional access policies help secure company resources by controlling who can access them and from where.

💼 Career

IT administrators and cloud security engineers use conditional access policies daily to enforce security rules in Azure Active Directory.

Progress0 / 4 steps

Create the initial policy dictionary

Create a dictionary called policy with keys name set to "Block access outside trusted locations" and state set to "enabled".

Azure

# Your code here

Need a hint?

Use a Python dictionary with the exact keys and values.

Add trusted IP locations list

Create a list called trusted_locations with these exact IP ranges: "192.168.1.0/24" and "10.0.0.0/24".

Azure

policy = {
    "name": "Block access outside trusted locations",
    "state": "enabled"
}
# Your code here

Need a hint?

Use a Python list with the exact IP ranges as strings.

Add location condition to the policy

Add a key conditions to policy with a nested dictionary that has key locations containing a key include set to the trusted_locations list.

Azure

policy = {
    "name": "Block access outside trusted locations",
    "state": "enabled"
}
trusted_locations = ["192.168.1.0/24", "10.0.0.0/24"]
# Your code here

Need a hint?

Use nested dictionaries to add the conditions key with locations and include keys.

Set access control to block non-trusted locations

Add a key grantControls to policy with a key operator set to "OR" and a key builtInControls set to a list containing "block".

Azure

trusted_locations = ["192.168.1.0/24", "10.0.0.0/24"]
policy = {
    "name": "Block access outside trusted locations",
    "state": "enabled",
    "conditions": {
        "locations": {
            "include": trusted_locations
        }
    }
    # Your code here
}

Need a hint?

Add the grantControls dictionary with operator and builtInControls keys to block access.