Microsoft IP ranges in Microsoft Cloud App Security
Hi,
I have noticed that Microsoft IP ranges in Microsoft Cloud App Security are not up to date.
I'm receiving multiple impossible travel alerts. When checking, I clearly see that the IPs are from Microsoft Corporation.
Normally MCAS has a list of all cloud providers dynamically with their public IPs. But this does not reflect in the activity logs.
Examples of IPs I encountered that were not dynamically tagged: 52.149.104.180, 40.68.20.47, 40.69.196.76
I'm assuming that this does not require any user action to update/sync the IP ranges?
Can somebody elaborate on this issue?
Kind Regards
Louis
4 Replies
- JaredPoeppelman (Former Employee)
If this is still the case, I would recommend contacting support, as I think that is the best way to track this to your resolution but also ensure product support and engineering can engage, as needed, to solve it. I don't think there is anything we can do from "outside the MDCA box" to fix it.
- dejvio (Copper Contributor)
Same here, a lot of activity is shown from Microsoft IP addresses. Is it a session for the user in a Microsoft data center to access some resources? Not sure. @Microsoft?
But a solution to your problem with alerts could be tagging that IP and all similar IPs. That can be done by choosing the option "Tag as corporate IP and add to whitelist".
- LouisMastelinck (Brass Contributor)
Hi Dejvio,
Thanks for your reply.
Indeed this could be an option, but I see this as a short-term solution.
In the long term, I would not be able to know if an IP is still in the Microsoft IP range or not unless I manually verify?
The same goes for new IPs that are not ingested yet by Microsoft Defender for Cloud Apps (MCAS); it would require manual work... but if you have 1000 of alerts each month this is not manageable.
But I do have to say that we haven't encountered this type of problem due to the fact that we use 3rd-party resources that help with the IP enrichment as soon as an alert is triggered and the alert is automatically enriched.
- alex2210 (Copper Contributor)
Hi LouisMastelinck, can you please share the 3rd party resources that help you update your IP ranges?
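Added example, not part of the thread and not a Microsoft or MCAS tool: one way to automate the manual "is this IP still in a Microsoft range" check discussed above is to test alert source IPs against Microsoft's published Azure Service Tags JSON. The function names are hypothetical, and the embedded sample document is constructed, using documentation prefixes rather than real Azure ranges.

```python
import ipaddress
import json

# Constructed sample in the layout of Microsoft's published Azure Service Tags
# JSON. Prefixes are RFC 5737 / RFC 3849 documentation ranges, not real ranges.
SAMPLE_SERVICE_TAGS = json.loads("""{"values": [
  {"name": "AzureCloud", "properties": {"addressPrefixes":
     ["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]}},
  {"name": "AzureCloud.westeurope", "properties": {"addressPrefixes":
     ["198.51.100.0/25"]}},
  {"name": "AzureActiveDirectory", "properties": {"addressPrefixes":
     ["192.0.2.128/26", "not-a-prefix"]}}
]}""")

def build_index(doc):
    """Flatten the document into (network, tag) pairs, most specific first."""
    index = []
    for entry in doc.get("values", []):
        for prefix in entry.get("properties", {}).get("addressPrefixes", []):
            try:
                net = ipaddress.ip_network(prefix, strict=False)
            except ValueError:
                continue  # skip malformed prefixes instead of aborting the run
            index.append((net, entry["name"]))
    index.sort(key=lambda pair: pair[0].prefixlen, reverse=True)
    return index

def classify(ip_text, index):
    """Return matching tag names (most specific first), [] if none, None if invalid."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None
    tags = []
    for net, name in index:
        if net.version == ip.version and ip in net and name not in tags:
            tags.append(name)
    return tags

def triage(alert_ips, index):
    """Bucket alert source IPs: provider-owned (with tags), unknown, invalid."""
    result = {"provider": {}, "unknown": [], "invalid": []}
    for ip_text in alert_ips:
        tags = classify(ip_text, index)
        if tags:
            result["provider"][ip_text] = tags
        else:
            result["invalid" if tags is None else "unknown"].append(ip_text)
    return result
```

To use it on real alerts, load the downloaded Service Tags file with `json.load` in place of `SAMPLE_SERVICE_TAGS`; only the `unknown` bucket then needs manual review.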