Easily Enable Conditional Access by Country with Duo
The conflict in Ukraine has shined a light on threats from bad actors operating from specific parts of the world. If you haven’t done so already, this is an opportune time to evaluate, and if necessary tighten, your organization’s security posture. Enabling conditional access policies that block access from specific countries would be an excellent way to do this.
Our latest Duo Trusted Access Report found that roughly 91% of organizations implementing location restrictions choose to restrict attacks from Russia or China (while 60% block both). Other countries topping the list include North Korea (41%), Iran (38%), Ukraine (28%), Afghanistan (27%), Iraq (21%), Belarus (20%), Nigeria (19%), and Syria (18%):
How to block access by location with Duo
Duo Access and Duo Beyond customers can set a conditional access policy in only a few minutes that prevents unauthorized access from any location.
To change your user location policy, go into the Duo Admin panel navigate to Policies and click “Edit Global Policy.” Start typing the country name into the Duo Admin Panel to select it from the list. Change the drop-down to “Deny access,” then click “Save.” This prevents all authentication attempts from IP addresses that originate from the selected country.
This policy setting overrides other access policies, like Authentication Policy, Authorized Networks and Remembered Devices, when the setting applied here is more restrictive than the setting applied by those other policy options.
Learn more about enabling conditional access by country
Try Duo For Free
With our free 30-day trial, see how easy it is to get started with Duo and create custom conditional access policies based on role, device, location, and many other contextual factors.