Microsoft Azure supports location-based conditional access policies to ensure only requests made from Aqua Cloud are allowed to access your application.

This policy will restrict the application only to Aqua Cloud IP addresses. To enable this policy please follow these steps:

1. Enter the Azure Active Directory service

2. Select the Enterprise applications blade

3. Select the Conditional Access blade

4. Select Named locations

5. Select New location


6. Add "Aqua Cloud IP Address" to the Name

7. Ensure that "IP Ranges" is selected

8. Add as the IP range

9. Select the Create button


10. Now enter the Policies Blade

11. Select New Policy


12. Select the Cloud apps or actions blade

13. ensure that Cloud apps is selected

14. Ensure that Select apps is selected

15. Click the Select blade

16. Search for the "aqua-cloud-remediator" application and select it

17. Click Select.


18. Select the Conditions Blade

19. Select the Locations Blade

20. Ensure that Yes is selected

21. Ensure that Selected Locations is selected

22. Click the Select blade

23. Select the "Aqua Cloud IP Address" that was created from before


24. Select the Session blade

25. Select Use Conditional Access App Control with Monitor Only


26. Ensure everything is configured correctly


27. Select Create