SOLVED
Home

bulk block the IP addresses in exchange online?

%3CLINGO-SUB%20id%3D%22lingo-sub-392091%22%20slang%3D%22en-US%22%3Ebulk%20block%20the%20IP%20addresses%20in%20exchange%20online%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-392091%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20check%20the%20regular%20sign-in%20attempt%20failures%20in%20Azure%20ctive%20directory%20and%20block%20multiple%20IP%20addresses%20from%20the%20Exchange%20online%20admin%20center.%3C%2FP%3E%3CP%3EWe%20have%20atleast%2040-50%20IP%20addresses%20to%20be%20blocked%20in%20each%20instance.%20I%20dont%20see%20any%20option%20to%20bulk%20block%20the%20IP%20addresses%20in%20connection%20filtering%20in%20exchange%20online.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20didn't%20find%20any%20PS%20script%20either.%20Any%20leads%20would%20be%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-392091%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eblock%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-480594%22%20slang%3D%22en-US%22%3ERe%3A%20bulk%20block%20the%20IP%20addresses%20in%20exchange%20online%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-480594%22%20slang%3D%22en-US%22%3E%3CP%3Eyes%2C%20this%20looks%20good.%20thank%20you%20guys!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-480593%22%20slang%3D%22en-US%22%3ERe%3A%20bulk%20block%20the%20IP%20addresses%20in%20exchange%20online%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-480593%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F169605%22%20target%3D%22_blank%22%3E%40Christopher%20Hoard%3C%2FA%3E%26nbsp%3B%3A%20thank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-392769%22%20slang%3D%22en-US%22%3ERe%3A%20bulk%20block%20the%20IP%20addresses%20in%20exchange%20online%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-392769%22%20slang%3D%22en-US%22%3E%3CP%3ELooks%20to%20me%20like%20you%20want%20to%20block%20auth%20attempts%2C%20not%20messages%20coming%20from%20those%20IPs%2C%20right%3F%20If%20so%2C%20the%20best%20way%20to%20do%20it%20is%20via%20Client%20Access%20Rules%2C%20which%20allow%20you%20to%20specify%20allowed%2Fblocked%20IPs%20per%20protocol%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fclient-access-rules%2Fclient-access-rules%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fclient-access-rules%2Fclient-access-rules%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOr%20you%20can%20even%20block%20legacy%20auth%20altogether%20via%20auth%20polices%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdisable-basic-authentication-in-exchange-online%3FredirectSourcePath%3D%25252fen-us%25252farticle%25252fdisable-basic-authentication-in-exchange-online-bba2059a-7242-41d0-bb3f-baaf7ec1abd7%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdisable-basic-authentication-in-exchange-online%3FredirectSourcePath%3D%25252fen-us%25252farticle%25252fdisable-basic-authentication-in-exchange-online-bba2059a-7242-41d0-bb3f-baaf7ec1abd7%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-392188%22%20slang%3D%22en-US%22%3ERe%3A%20bulk%20block%20the%20IP%20addresses%20in%20exchange%20online%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-392188%22%20slang%3D%22en-US%22%3EHi!%3CBR%20%2F%3E%3CBR%20%2F%3ESee%20the%20examples%20in%20that%20article%20-%20they%20don%E2%80%99t%20need%20to%20be%20in%20ranges%20you%20would%20just%20have%20them%20in%20commas%20and%20separated%20by%20dashes.%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20helps!%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-392138%22%20slang%3D%22en-US%22%3ERe%3A%20bulk%20block%20the%20IP%20addresses%20in%20exchange%20online%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-392138%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F169605%22%20target%3D%22_blank%22%3E%40Christopher%20Hoard%3C%2FA%3E%26nbsp%3B%3A%20thanks%20for%20your%20reply.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20had%20one%20doubt%3A%20the%20IP%20addresses%20which%20I%20want%20to%20block%20do%20not%20have%20a%20specific%20range.%20For%20eg%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFollowing%20are%20the%20samples%20which%20I%20want%20to%20block%3A%3C%2FP%3E%3CP%3E1.255.70.86%3C%2FP%3E%3CP%3E119.146.145.50%3C%2FP%3E%3CP%3E123.20.162.164%3CBR%20%2F%3E180.248.139.10%3CBR%20%2F%3E14.247.25.62%3CBR%20%2F%3E61.160.25.118%3CBR%20%2F%3E97.34.128.216%3CBR%20%2F%3E219.154.66.223%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESometimes%20I%20have%20to%20block%20200%20of%20these%20different%20IP%20addresses.%26nbsp%3B%20Is%20there%20any%20other%20way%20to%20achieve%20this%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3Ethank%20you%20again%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-392125%22%20slang%3D%22en-US%22%3ERe%3A%20bulk%20block%20the%20IP%20addresses%20in%20exchange%20online%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-392125%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EUse%20Powershell%20to%20set%20the%20Connection%20Filter%20Policy%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fexchange%2Fantispam-antimalware%2Fset-hostedconnectionfilterpolicy%3Fview%3Dexchange-ps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fexchange%2Fantispam-antimalware%2Fset-hostedconnectionfilterpolicy%3Fview%3Dexchange-ps%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20answers%20your%20question%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E
Test SharePoint
Contributor

We check the regular sign-in attempt failures in Azure ctive directory and block multiple IP addresses from the Exchange online admin center.

We have atleast 40-50 IP addresses to be blocked in each instance. I dont see any option to bulk block the IP addresses in connection filtering in exchange online.

 

I didn't find any PS script either. Any leads would be appreciated.

6 Replies
Hi,

Use Powershell to set the Connection Filter Policy

https://docs.microsoft.com/en-us/powershell/module/exchange/antispam-antimalware/set-hostedconnectio...

Hope that answers your question

Best, Chris

@Christopher Hoard : thanks for your reply. 

 

I had one doubt: the IP addresses which I want to block do not have a specific range. For eg:

 

Following are the samples which I want to block:

1.255.70.86

119.146.145.50

123.20.162.164
180.248.139.10
14.247.25.62
61.160.25.118
97.34.128.216
219.154.66.223

 

Sometimes I have to block 200 of these different IP addresses.  Is there any other way to achieve this?

thank you again

 

Hi!

See the examples in that article - they don’t need to be in ranges you would just have them in commas and separated by dashes.

Hope that helps!

Best, Chris
Solution

Looks to me like you want to block auth attempts, not messages coming from those IPs, right? If so, the best way to do it is via Client Access Rules, which allow you to specify allowed/blocked IPs per protocol: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/...

 

Or you can even block legacy auth altogether via auth polices: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authen...

Highlighted

yes, this looks good. thank you guys!

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies