Enterprises that use Enterprise Managed Users (EMUs) to authenticate their accounts via Azure Active Directory can now use Azure AD location-based Conditional Access policies to protect the use of PATs and SSH keys. This requires the use of a new OpenID Connect-based application rather than a SAML integration. To learn more, read about enforcing Azure AD Conditional Access for PATs and SSH keys.
Note: this feature is currently in public beta for new and existing Azure AD EMU enterprises.
For more information: