Trusted location configured but travel users still blocked

Minimal guidance for messy support realities.

Scenario

Users at approved sites sign in fine, but traveling staff whose traffic is routed through the company VPN or a mobile carrier are unexpectedly blocked.

Recommended Resolution Path

  1. Review how Conditional Access evaluates source IP versus VPN egress and named locations.
  2. Check whether the policy mixes trusted location logic with device or risk requirements.
  3. Inspect real sign-in logs from the affected geography rather than reasoning from policy names alone.
  4. Tune exceptions narrowly and document the intended travel behavior.
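
Added example (not part of the original guidance) for steps 1 to 3: it takes exported sign-in records and separates blocked sign-ins whose logged source IP is missing from the trusted ranges from those blocked despite a trusted IP, where another policy requirement failed. Field names follow the Microsoft Graph signIn resource; the address ranges, users and policy names are constructed sample values.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation address ranges, made-up users and policy names.
TRUSTED_RANGES = ["203.0.113.0/24", "2001:db8:10::/48"]  # CIDRs of the trusted named location

def _rec(user, ip, status, policies):
    return {"userPrincipalName": user, "ipAddress": ip, "conditionalAccessStatus": status,
            "appliedConditionalAccessPolicies":
                [{"displayName": n, "result": r} for n, r in policies]}

SIGN_INS = [
    _rec("a@example.com", "203.0.113.25", "success", [("Require trusted location", "success")]),
    _rec("b@example.com", "198.51.100.7", "failure", [("Require trusted location", "failure")]),
    _rec("e@example.com", "198.51.100.7", "failure", [("Require trusted location", "failure")]),
    _rec("c@example.com", "2001:db8:ffff::1", "failure", [("Require trusted location", "failure")]),
    _rec("d@example.com", "203.0.113.40", "failure", [("Require trusted location", "success"),
                                                       ("Require compliant device", "failure")]),
]

def triage(sign_ins, trusted_ranges):
    """Split blocked sign-ins by whether the logged source IP is inside a trusted range."""
    nets = [ipaddress.ip_network(r) for r in trusted_ranges]
    unlisted = defaultdict(set)  # source IP seen by the service -> users blocked from it
    in_range_blocked = []        # trusted IP, yet blocked: another control failed
    for s in sign_ins:
        if s["conditionalAccessStatus"] != "failure":
            continue
        ip = ipaddress.ip_address(s["ipAddress"])
        failing = [p["displayName"] for p in s["appliedConditionalAccessPolicies"]
                   if p["result"] == "failure"]
        if any(ip.version == n.version and ip in n for n in nets):
            in_range_blocked.append((s["userPrincipalName"], str(ip), failing))
        else:
            unlisted[str(ip)].add(s["userPrincipalName"])
    return {ip: sorted(users) for ip, users in unlisted.items()}, in_range_blocked

if __name__ == "__main__":
    unlisted, in_range = triage(SIGN_INS, TRUSTED_RANGES)
    for ip, users in unlisted.items():
        print(f"not in any trusted range: {ip} <- {', '.join(users)}")
    for user, ip, failing in in_range:
        print(f"trusted IP {ip} but blocked for {user}: {failing}")
```

Addresses in the first group are candidates for the narrow exceptions in step 4 once confirmed as company VPN egress; entries in the second group point to the mixed device or risk requirements from step 2.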

Technician Notes

Document what changed, what confirmed the fix, and whether the issue points to a broader standards gap worth addressing for the client.