Rule
Office 365 Conditional Access Policy Block from New Location
Purpose
This alert is generated when a Conditional Access Policy blocks a user authentication originating in a country from which the user has not authenticated in the last 30 days.
Objective
Verify detection when a Conditional Access Policy blocks a login from a new location.
Test Workflow

How to test
Ensure the test user has a Conditional Access Policy that restricts logins to familiar locations (e.g., specific countries or regions).
Use a VPN service to simulate a login attempt from a location where the user has not logged in for the last 30 days.
Attempt to log in to the Office 365 account from the VPN endpoint.
A Barracuda XDR alert triggers from the SOC. The alert can be viewed via the Barracuda XDR Security Dashboard.
We request that you reply to the security alert stating that the reported activity was associated with authorized security testing.
The SOC team closes the incident, marking the conclusion of this threat simulation test.
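
The condition described under Purpose, sketched as an added example (not Barracuda XDR's own rule logic) so a tester can check whether a planned login counts as a new location. The record fields `time`, `user`, `country` and `result`, the function name and the sample data are constructed for illustration.

```python
from datetime import datetime, timedelta

LOOKBACK = timedelta(days=30)  # window stated in the rule's Purpose

# Constructed sample sign-in records (hypothetical, simplified field names).
SAMPLE_SIGNINS = [
    {"time": "2024-03-01T08:00:00", "user": "test.user@example.com", "country": "DE", "result": "success"},
    {"time": "2024-05-01T09:00:00", "user": "test.user@example.com", "country": "US", "result": "success"},
    {"time": "2024-05-20T09:00:00", "user": "test.user@example.com", "country": "US", "result": "success"},
    # Blocked, but from a country used yesterday: not a new location.
    {"time": "2024-05-21T09:00:00", "user": "test.user@example.com", "country": "US", "result": "blocked_by_ca"},
    # Another user's history must not make BR familiar for test.user.
    {"time": "2024-05-22T07:00:00", "user": "other.user@example.com", "country": "BR", "result": "success"},
    # Blocked from a country never seen for this user: alert.
    {"time": "2024-05-22T10:00:00", "user": "test.user@example.com", "country": "BR", "result": "blocked_by_ca"},
    # Blocked from a country last used more than 30 days ago: alert.
    {"time": "2024-05-23T10:00:00", "user": "test.user@example.com", "country": "DE", "result": "blocked_by_ca"},
]


def new_location_blocks(signins, lookback=LOOKBACK):
    """Return Conditional Access blocks from a country in which the same
    user has no successful sign-in within the lookback window."""
    events = sorted(signins, key=lambda e: datetime.fromisoformat(e["time"]))
    last_success = {}  # (user, country) -> time of most recent successful sign-in
    alerts = []
    for event in events:
        ts = datetime.fromisoformat(event["time"])
        key = (event["user"], event["country"])
        if event["result"] == "success":
            last_success[key] = ts
        elif event["result"] == "blocked_by_ca":
            previous = last_success.get(key)
            # A blocked attempt is not an authentication, so it never
            # makes the country "familiar" for later events.
            if previous is None or ts - previous > lookback:
                alerts.append(event)
    return alerts


if __name__ == "__main__":
    for alert in new_location_blocks(SAMPLE_SIGNINS):
        print(alert["time"], alert["user"], alert["country"])
```

If the test user has signed in from the VPN endpoint's country within the last 30 days, the blocked login in step 3 will not satisfy this condition.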