CA-08: Block Access from High-Risk Countries
Frequently asked questions about implementing and managing the CA-08 security control in Microsoft 365 and Entra ID.
QWhat is CA-08 (Block Access from High-Risk Countries)?▼
CA-08 is a security control that blocking access from high-risk countries reduces geopolitical risk and helps comply with export control regulations (itar, ear). while vpns can bypass this control, it stops opportunistic attacks and reduces your attack surface from nation-state threat actors. It requires that conditional access policy blocks access from high-risk countries and country-based named location configured with sanctioned/high-risk nations, level 1: north korea, iran, syria, level 2: + russia, cuba, level 3: + china, belarus, venezuela.
QWhy is Block Access from High-Risk Countries important for Microsoft 365 security?▼
Blocking access from high-risk countries reduces geopolitical risk and helps comply with export control regulations (ITAR, EAR). While VPNs can bypass this control, it stops opportunistic attacks and reduces your attack surface from nation-state threat actors.
QHow do I implement CA-08 in my tenant?▼
TrueConfig provides one-click remediation for CA-08. Creates country-based named location and blocking CA policy. Emergency accounts are excluded.
QWhat license do I need for CA-08?▼
This control requires Azure AD Premium P1 (included in Microsoft 365 E3) or higher.
QWhich security baseline includes CA-08?▼
CA-08 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.
5
Questions
1
Related Controls
—
Categorized
Related Resources
Still have questions?
Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.
Start Free Trial