Microsoft Azure supports location-based conditional access policies to ensure only requests made from Aqua Cloud are allowed to access your application.


This policy restricts access to the application to Aqua Cloud IP addresses. To enable it, follow these steps:


  1. Enter the Azure Active Directory service
  2. Select the Enterprise applications blade
  3. Select the Conditional Access blade
  4. Select Named locations
  5. Select New location

  6. Add "Aqua Cloud IP Address" to the Name
  7. Ensure that "IP Ranges" is selected
  8. Add 3.231.74.65/32 as the IP range
  9. Select the Create button

  10. Now enter the Policies blade
  11. Select New Policy
  12. Select the Cloud apps or actions blade
  13. Ensure that Cloud apps is selected
  14. Ensure that Select apps is selected
  15. Click the Select blade
  16. Search for the "aqua-cloud-remediator" application and select it
  17. Click Select

  18. Select the Conditions blade
  19. Select the Locations blade
  20. Ensure that Yes is selected
  21. Ensure that Selected Locations is selected
  22. Click the Select blade
  23. Select the "Aqua Cloud IP Address" named location that was created earlier

  24. Select the Session blade
  25. Select Use Conditional Access App Control with Monitor Only

  26. Ensure everything is configured correctly


  27. Select Create
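
A check for step 26, as an added example that is not part of the original guide: it compares a named location and a policy, exported as JSON in the shape Microsoft Graph returns them, with the values entered in the steps above. The `audit` function, the sample objects and the placeholder GUIDs are assumptions made for illustration.

```python
import ipaddress

EXPECTED_RANGE = ipaddress.ip_network("3.231.74.65/32")  # step 8
LOCATION_NAME = "Aqua Cloud IP Address"                  # step 6

def audit(location, policy, app_id):
    """Compare exported objects with the steps; return a list of findings."""
    findings = []
    if location.get("displayName") != LOCATION_NAME:
        findings.append("named location: unexpected display name")
    ranges = []
    for entry in location.get("ipRanges") or []:
        cidr = entry.get("cidrAddress", "")
        try:
            ranges.append(ipaddress.ip_network(cidr, strict=False))
        except ValueError:
            findings.append(f"named location: unparseable range {cidr!r}")
    # Any extra or wider range silently enlarges the set of trusted sources.
    if ranges != [EXPECTED_RANGE]:
        findings.append("named location: ranges differ from 3.231.74.65/32 only")
    cond = policy.get("conditions") or {}
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    if apps != [app_id]:
        findings.append("policy: cloud apps are not exactly the expected app")
    locs = (cond.get("locations") or {}).get("includeLocations") or []
    if locs != [location.get("id")]:
        findings.append("policy: selected locations are not exactly the named location")
    cas = (policy.get("sessionControls") or {}).get("cloudAppSecurity") or {}
    if not cas.get("isEnabled") or cas.get("cloudAppSecurityType") != "monitorOnly":
        findings.append("policy: session control is not App Control in monitor-only mode")
    return findings

# Constructed sample export; every GUID is a placeholder, not a real tenant value.
APP_ID = "00000000-0000-0000-0000-0000000000a1"  # aqua-cloud-remediator (placeholder)
SAMPLE_LOCATION = {
    "id": "00000000-0000-0000-0000-0000000000b2",
    "displayName": "Aqua Cloud IP Address",
    "ipRanges": [{"cidrAddress": "3.231.74.65/32"}],
}
SAMPLE_POLICY = {
    "conditions": {
        "applications": {"includeApplications": [APP_ID]},
        "locations": {"includeLocations": [SAMPLE_LOCATION["id"]]},
    },
    "sessionControls": {
        "cloudAppSecurity": {"isEnabled": True, "cloudAppSecurityType": "monitorOnly"}
    },
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOCATION, SAMPLE_POLICY, APP_ID) or ["no findings"]:
        print(finding)
```

An empty result means the exported objects match the steps; each finding names the setting to revisit in the portal.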