NOTE: This change is paused by Azure AD and did not deploy as expected on 1/15/19. We will update when they restart the rollout.
We're posting the following message to all Intune customers in the Office Message Center and figured it would be useful to also post it out on this blog.
Plan for Change: Azure AD updating IP Addresses on January 15, 2019
Azure AD announced back in August that they are updating the service IP address ranges used for Azure AD’s services. Intune’s sending a friendly reminder to take action if you have configured your network to restrict resource access to Azure AD IP address ranges. Intune uses Azure AD ranges to gain access to several Intune services, and depending on your configuration, you may see an end-user impact if action is not taken. The changes were originally scheduled to start in September, but the work was delayed to mid-January.
How does this affect me?
If you’ve configured Azure AD IP address ranges for your firewalls, routers, or Network Security Groups, you'll need to update them to add the new endpoints: 220.127.116.11/18 and 18.104.22.168/18. Intune requires internet access for devices under Intune management, whether for mobile device management or mobile application management. If access to the internet does not include these additional Azure AD IP address ranges, and Azure AD starts using these ranges, then end-user logins would fail, and your users would not be able to sign in to applications including the company portal and/or Intune App Protection Policy protected applications.
What do I need to do?
If you have multiple IT roles at your organization, tell your networking team or identity team about this change. If you’re responsible for configuring your internet traffic, then see the link to the Intune support blog, which contains additional information. If you’ve got a helpdesk, let them know about this upcoming change.
Here's the additional information we refer to in the post above. If you run into this, your end user will see the following error message:
Here are two helpful links - the first is Azure AD's change; the second is how to update O365 IP address ranges: