Forum Discussion
IP Subnets used by Azure ATP
I appreciate the response, but can't really accept that answer. Suggesting that we allow broader access than needed because we are working with a cloud service doesn't make sense to me. Most other Azure and Office 365 services provide a list of subnets, because they recognize that DNS doesn't work in firewall rules for all customers.
Microsoft's guidance (https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack) recommends limiting connectivity for domain controllers. Suggesting that we just allow all outbound HTTPS connectivity goes against that recommendation and will not work for us. What is the best way to escalate further, so we can get a list of subnets used?
Ryan, can you give some example links of other Azure services that provided IP subnet lists?
- Paul Cunningham, Nov 16, 2018, Iron Contributor
Why wouldn't the IPs be published through the existing REST service?
https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service
- EliOfek, Nov 16, 2018, Microsoft
I think this service is only for Office; AATP is not part of Office, but it's a good example.
Adding Itay Argoety from product to consider this example.
- Paul Cunningham, Nov 20, 2018, Iron Contributor
Ok, well to redirect the question, if the Office 365 product groups can manage the publishing of IP ranges, why can't the Azure product groups?
Also, as a customer, the Office/Azure distinction doesn't fly, because Azure ATP is part of EM+S E5, an add-on to O365 and part of M365 that is heavily promoted to O365/M365 customers and is available for purchase through the O365 admin portal.