All Collections
Microsoft 365
FAQs SaaS Apps
Configure Azure AD Conditional Access to exclude inSync
Configure Azure AD Conditional Access to exclude inSync
Updated over a week ago

If your organization uses Azure AD with Conditional Access for authenticating and providing access to users, as an inSync administrator ensure -

  1. Druva inSync IP address range is defined as a Named Location in Conditional Access.

  2. The Named Location is part of the Conditional Access Policy Exclusion list.

❗ Important

It is mandatory to ensure the above conditions, else Druva inSync fails to backup & restore Microsoft 365 data of all users and administrators.


  • You must be an Azure AD administrator with Conditional Access administrator privileges.

  • Get the IP Address range in CIDR notation for inSync Cloud by raising a case with Druva Support.


  1. Login to Azure Portal.

  2. Configure or define a Named Location.

    1. Go to Azure Active Directory > Protect & Secure > Conditional Access > Named locations.

    2. Click to add IP Ranges Location.

    3. Provide a Name and the IP range.

    4. (Optional) Select Mark as Trusted Location.
      For more information, see Using the condition location in a Conditional Access Policy.

  3. After creating the Named Location, ensure you exclude this Named Location in the Conditional Access Policy's Location list. For more information, see Conditional Access: Condition Location.

    1. Go to Azure Active Directory > Security > Conditional Access > { Select your Conditional Access Policy}.

    2. Click on Conditions > Locations.

    3. Select the Exclude tab and then click Selected Locations.

    4. Select the Named Location that you created in Step 2 from the right-hand side panel.

    5. Click Save.

inSync users and administrators now logging on using MFA and with Conditional Access will be backed up successfully. Users and administrators can even restore their data seamlessly.

Did this answer your question?