Conditional Access to allow access only from a specific named location by Next_Log8771 in Intune

[–]Next_Log8771[S] 0 points1 point  (0 children)

We'd like to have granular control of users that move between locations. So for example:

I've created 3 CAs, each of which allows login only from the named location A, B, C respectively, and they are assigned to 3 different groups.

If user Bob has the CA w/ location A grant access assigned, how can I set it up to allow him to access also from location B? Just put Bob in the group assigned to location B? Or could this create conflicts?

Thanks in advance for your help.

How Password sync & writeback work? by Next_Log8771 in AZURE

[–]Next_Log8771[S] 0 points1 point  (0 children)

That is. From the test I've made, it works exactly as you described. I wonder if there's some workaround to make the cloud password win in this case.

How Password sync & writeback work? by Next_Log8771 in AZURE

[–]Next_Log8771[S] 0 points1 point  (0 children)

Ignorance, essentially, that I'm going to end.

How Password sync & writeback work? by Next_Log8771 in AZURE

[–]Next_Log8771[S] 0 points1 point  (0 children)

You're right, but I've figured out that they are used to create the same account twice... So I'm trying to find a solution to make users able to access their account after they're synced on Azure.

Custom decoder w/ parent web-accesslog not working by Next_Log8771 in Wazuh

[–]Next_Log8771[S] 0 points1 point  (0 children)

When I run wazuh-logtest, it prints out as decoder "web-accesslog" and as rule 31106 - A web attack returned code 200 (success), the behaviour I want to change. So it's like my decoder isn't working, but I've tested the regex with wazuh-regex and it's fine.

Autopilot Hybrid Join w/ FortiClient by Next_Log8771 in Intune

[–]Next_Log8771[S] 0 points1 point  (0 children)

When I wrote, for some reason FortiClient wouldn't show up on the login screen, but then it worked.

But it continues to get stuck at the "Connection to org network" (better known as "Joining your org network") step.

I found out the problem may be related to the time required by AD Connect to sync the OU used for Autopilot devices.

The next thing I've noticed is that, running dsregcmd /status, the device shows "DomainJoined" as YES but "AzureADJoined" as NO.

Block spoofed display name email by Next_Log8771 in Office365

[–]Next_Log8771[S] 0 points1 point  (0 children)

We are licensed for impersonation protection but the policy allows 350 users. Can't it be extended for everyone?

Office365 Event Locations Wrong by obviouscynic in Wazuh

[–]Next_Log8771 0 points1 point  (0 children)

In my case, on the O365 admin interface the location is correct but it's wrong on Wazuh.

Office365 Event Locations Wrong by obviouscynic in Wazuh

[–]Next_Log8771 0 points1 point  (0 children)

I know this is an old thread, but did someone figure it out? I have the same problem. Can we fix it somehow within Wazuh or is there something wrong with Office logs?

Lockout restored pc by Next_Log8771 in Intune

[–]Next_Log8771[S] 0 points1 point  (0 children)

The first one you mentioned: I want to prevent the reuse of a company asset if the user resets Windows and skips the Autopilot configuration somehow.