Resolution

These labels allow you to define what security context is required to:

• Access an application or drive
• Use a feature.
• Login.
• Having admin role.

These are the current context policy labels:

• country: the value of this label accepts a single or a comma separated list of 2 character ISO 3166-a alpha codes. See https://en.wikipedia.org/wiki/ISO_3166-1 for a full list. Multiple countries can be added using a comma-separated list.
  Examples: country:BE or country:BE,NL 
• network: the value of this label accepts both a single IP address or a subnet. Multiple networks or IP addresses can be added using a comma-separated list.
  Examples: network:172.16.0.15 or network:172.16.0.0/8
• mfa:required: this label is automatically created. When Multi-Factor Authentication is not required at login, a dialog will be shown explaining to users they will need to re-login and use MFA to access an application, drive or feature.

When combining different types of context labels, they must all be valid before the user has access to the resource,
E.g. The Context Policy Label combination country:BE,NL mfa:required means that users will have access to the resource if their IP address comes from Belgium or the Netherlands AND that they should be logged in using Multi-Factor Authentication.