Getting Started #
This document provides the instructions for adding a Conditional Access policy to the Infortel Call Queue Analytics Service Account. Before you begin, please ensure you have the following:
- A Service Account in Entra ID used for ISI Analytics Call Queues
- Microsoft 365 Administrator Privileges
Create a Named Location #
- Login to https://entra.microsoft.com
- Navigate to Protection -> Conditional Access on the left
- On the Conditional Access page, navigate to Mange -> Named locations
- Click + IP ranges location
- Name the location ISI Analytics Service Addresses or something similar
- Click the + button, input the IP Range 157.56.30.194/32, and click Add
- Click Create
Create Conditional Access Policy #
Once the Named location is created
- Navigate to Policies on the left
- Click + Create new policy
- Name the policy ISI Analytics Service Account Restrictions or something similar
- Assign the Service Account to the Policy
- Under Users, click 0 users and groups selected
- Under Include, Select Select users and groups. Check Users and groups and select your service account. Once finished, the configuration should look like this, with your service account selected.
- Under Users, click 0 users and groups selected
- Set the Target resource to All cloud apps
- Under Target resources, click No target resources selected
- Under Include, Select All cloud apps. When selected All cloud apps, the system will show a warning. Be sure to have only selected the service account in the previous steps.
- Under Target resources, click No target resources selected
- Set the Condition to only allow ISI Analytics Service Addresses
- Under Conditions, click 0 conditions selected
- Under Locations, click Not configured
- Change Configure to Yes
- Under Include, select Any network or location
- Under Exclude, select Selected networks and locations. Under Select, click None and select the Named location you created and click Save.
- Once finished, the configuration should look like this, with your Named location selected
- Under Conditions, click 0 conditions selected
- Set the Grant to Block access
- Under Grant, select 0 controls selected
- Select Block access and click Select
- Under Grant, select 0 controls selected
- Under Enable Policy, change to On
- Confirm the configuration is correct:
- Users should say Specific users included and only the ISI Analytics Queue Service Account is selected
- Target resources should say All cloud apps
- Conditions should say 1 condition selected with a Location setup for the ISI Analytics Service Addresses
- Grant should should say Block access
- Once everything is confirmed, click Create