The ServiceAccounts-ResourceAdminTool policy is intended to restrict access to M365 for members of O365_ResourceAdminTool_ServiceAccountss to certain IP's / IP ranges.
Assignments
User or workload identities
- Included - user aems-system@utexas.onmicrosoft.com
- Excluded - members of Surface.Hub.Conditional.Access.Bypass.Group@austin.utexas.edu
Cloud apps or actions
- All cloud apps
Conditions
- Locations - ALL except 'chm584 - Work Computer', 'scw322 - Work Computer','glenmark - Work Computer','exts01.austin.utexas.edu','ex-p01/2.austin.utexas.edu'
- Client apps - all selected
Access controls
Grant
- Block access
Session
- 0 controls selected