![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 6%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Hello Rene,
Based on your question, I figured that the objective of the task is to block users from accessing cloud applications within specified time period through the day. This at the moment is very limited via Microsoft Conditional Access and it might require third-party software.
The limited potential comes from the fact that Session Control page in CA Policies allows only to specify the period between authentication, it's called Periodic Re-Authentication. If you specify for example 8 hours, users will authenticate at the start of their day via MFA, then should be able to access their resources without MFA prompt, allowing them to work efficiently and have less MFA fatigue.
My suggestion is to go towards this as blocking access is very limiting, but rather choosing MFA ensures the user identities are secured.
More on this Policy 1: Sign-in frequency control