My company does not want any staff to have access to our corporate Azure account from outside of our offices.

So, is it possible to lock down the Azure Portal? Preferably by IP whitelist.

I can find many options to lock down specific things in Azure but nothing to configure the portal itself (other than whitelisting IPs to not have to use 2FA to log in).

Shevek

2 Answers

The Azure portal is managed by Microsoft, and (being an online service) is accessible from anywhere. The only form of access control is user authentication; there is no way to allow or refuse access based on client IP address.

Massimo
  • It is technically possible though - our HR system is hosted online and only accessible from our office. – Shevek Dec 03 '15 at 10:07
  • It is not possible *for the Azure portal*. Of course it's technically possible *in general*, but it depends on if and how the hosting provider implements this type of restriction. Azure doesn't. – Massimo Dec 03 '15 at 11:16
  • Thanks for confirming. I only made the point because your "being an online service" comment suggested you were implying all online services are unable to do so. – Shevek Dec 03 '15 at 12:36

So what we do at Microsoft (I work for them) with Azure is to use multifactor authentication (MFA) in Azure AD to lock down our access to our internal Azure subscriptions. It might be possible to adapt that approach to having a device which is kept in the office as the other part of the authentication (e.g. a landline), but at the very least it's open (you can use any make of phone, for example) and secure in that we trust it. For more on MFA, look at this post on TechNet: http://blogs.technet.com/b/ad/archive/2013/10/10/getting-started-with-windows-azure-multifactor-authentication.aspx

DeepFat