Skip to main content

How can we help you?

Druva Documentation

Configure Azure AD Conditional Access to exclude inSync

If your organization uses Azure AD with Conditional Access for authenticating and providing access to users, as an inSync administrator ensure -

  1. Druva inSync IP address range is defined as a Named Location in Conditional Access.
  2. The Named Location is part of the Conditional Access Policy Exclusion list. 

It is mandatory to ensure the above conditions, else Druva inSync fails to backup & restore Microsoft 365 data of all users and administrators.


  • You must be an Azure AD administrator with Conditional Access administrator privileges.
  • Get the IP Address range in CIDR notation for inSync Cloud by raising a case with Druva Support.


  1. Login to Azure Portal.
  2. Configure or define a Named Location.
    1. Go to Azure Active Directory > Security > Conditional AccessNamed locations.
    2. Click New location.
    3. Provide a Name and the IP range.
    4. (Optional)  Select Mark as Trusted Location. 
      For more information, see Using the condition location in a Conditional Access Policy.
  3. After creating the Named Location, ensure you exclude this Named Location in the Conditional Access Policy's Location list. For more information, see Conditional Access: Condition Location.
    1. Go to Azure Active Directory > Security > Conditional Access > {Select your Conditional Access Policy}.
    2. Click on Conditions > Locations.
    3. Select the Exclude tab and then click Selected Locations.
    4. Select the Named Location that you created in Step 2 from the right-hand side panel.
    5. Click Save.

inSync users and administrators now logging on using MFA and with Conditional Access will be backed up successfully. Users and administrators can even restore their data seamlessly.

  • Was this article helpful?