Microsoft has announced new identity and access management capabilities for its Azure Active Directory Conditional Access feature, built to give admins more control over how resources are accessed and to help them handle access policies and authentication for virtual machines (VMs).
One of these tools, available in public preview later this month, lets admins restrict access to sensitive resources from specific countries or regions, based on the user's GPS location, to meet data compliance requirements. They can also apply policies based on device attributes so they can require access from devices that meet specific criteria.
"Due to VPNs and other factors, determining a user's location from their IP address is not always accurate or reliable," wrote Alex Simons, corporate vice president of program management for Microsoft's Identity division, in a blog post describing the "named locations" feature. "GPS signals enable admins to determine location with higher confidence."
When the feature is enabled, a user will be prompted to share their GPS location using the Microsoft Authenticator app during sign-in.
When choosing a country or region to be a named location in Conditional Access policies, admins can decide whether a user's location is determined from their IP address or from the GPS location reported through the Authenticator app. With the location selected, they can use Conditional Access to restrict access to selected apps for users signing in from within that location. Simons notes that admins can choose the named locations where they want the policy to apply.
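The configuration described above, sketched against the Microsoft Graph conditional access endpoints. This is an added example, not code from Microsoft's blog post or from this article. The display names, the country codes and the application ID are placeholders, and it assumes the Microsoft.Graph.Authentication PowerShell module is installed.

```powershell
# Added example: define a GPS-based country named location, then a policy that
# blocks selected apps for sign-ins from it. Placeholders are marked as such.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

$base = 'https://graph.microsoft.com/v1.0/identity/conditionalAccess'

# countryLookupMethod selects how the user's country is determined:
#   'clientIpAddress'     - from the sign-in IP address (affected by VPNs)
#   'authenticatorAppGps' - from the GPS location shared via Microsoft Authenticator
$location = @{
    '@odata.type'                     = '#microsoft.graph.countryNamedLocation'
    displayName                       = 'EXAMPLE - restricted countries (GPS)'   # placeholder name
    countriesAndRegions               = @('XX', 'YY')   # placeholders: use real ISO 3166-1 alpha-2 codes
    includeUnknownCountriesAndRegions = $false
    countryLookupMethod               = 'authenticatorAppGps'
}
$created = Invoke-MgGraphRequest -Method POST -Uri "$base/namedLocations" `
    -Body ($location | ConvertTo-Json) -ContentType 'application/json'

# Policy scoped to one application and to the named location created above.
# Report-only state lets the effect be reviewed in sign-in logs before enforcement.
$policy = @{
    displayName   = 'EXAMPLE - block sensitive app from restricted countries'   # placeholder name
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users        = @{ includeUsers = @('All') }
        applications = @{ includeApplications = @('00000000-0000-0000-0000-000000000000') }   # placeholder app ID
        locations    = @{ includeLocations = @($created.id) }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}
Invoke-MgGraphRequest -Method POST -Uri "$base/policies" `
    -Body ($policy | ConvertTo-Json -Depth 6) -ContentType 'application/json'
```

Switching `countryLookupMethod` to `clientIpAddress` gives the IP-based variant of the same named location.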
Read the full blog post for more details.