Defining the locations to exclude from the policy

Before you create the conditional access policy, you need to define the Forcepoint ONE SSE IP ranges that should be excluded from the policy.

Steps

  1. Sign into the Azure Portal with an Azure administrator account.
  2. Navigate to Microsoft Entra ID > Security > Conditional Access > Named Locations.
  3. Click + IP ranges location to a new named location.
  4. On the New location (IP ranges) page, enter a Name for the location.


  5. Select Mark as trusted location.
  6. Click to add the IP address ranges specific to the region for your Forcepoint ONE SSE.

    OR

    Click Upload to upload the IP address ranges from a text file.

    For a list of IP address ranges for the gateways, see Viewing IP and data center locations information.

  7. Click Create.
    You can now use the named location in the conditional access policy.