cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is there a way to automatically add IP addresses from a specific country to a blacklist?

%3CLINGO-SUB%20id%3D%22lingo-sub-1594730%22%20slang%3D%22en-US%22%3EIs%20there%20a%20way%20to%20automatically%20add%20IP%20addresses%20from%20a%20specific%20country%20to%20a%20blacklist%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1594730%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3CBR%20%2F%3E%3CBR%20%2F%3EI'm%20currently%20experimenting%20with%20CAS%20to%20see%20how%20much%20automation%20can%20be%20done%20with%20the%20tool.%20Is%20there%20a%20way%20to%20automatically%20add%20IP%20addresses%20that%20are%20failing%20to%20authenticate%20to%20the%20blacklist%3F%20(Perhaps%20utilizing%20CAS%20with%20Power%20Automate)%20I%20am%20trying%20to%20avoid%20using%20third%20party%20tools%20and%20I%20don't%20want%20to%20have%20to%20manually%20review%20each%20alert%20that%20is%20coming%20from%20a%20few%20countries%20that%20have%20constantly%20tried%20to%20log%20into%20user%20accounts.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1594730%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
bryant125
Occasional Contributor

‎Aug 17 2020 05:36 PM

‎Aug 17 2020 05:36 PM

Is there a way to automatically add IP addresses from a specific country to a blacklist?

Hi All,

I'm currently experimenting with CAS to see how much automation can be done with the tool. Is there a way to automatically add IP addresses that are failing to authenticate to the blacklist? (Perhaps utilizing CAS with Power Automate) I am trying to avoid using third party tools and I don't want to have to manually review each alert that is coming from a few countries that have constantly tried to log into user accounts. 

 

Thanks in advance!

Labels:
352 Views
1 Like
2 Replies
Reply
2 Replies
Aaron Horna

‎Feb 04 2021 07:46 AM

‎Feb 04 2021 07:46 AM

Re: Is there a way to automatically add IP addresses from a specific country to a blacklist?

Did you find a way to do this at all? Would be extremely helpful for us as well. @bryant125 

0 Likes
Reply
Christopher Brumm

‎Feb 06 2021 03:43 AM

‎Feb 06 2021 03:43 AM

Re: Is there a way to automatically add IP addresses from a specific country to a blacklist?

Hi @Aaron Horna,

my approach for Cloud Apps is to use SSO from AAD whenever possible. Among many other benefits, in Conditional Access you can configure rules that use named locations - which can also be countries.

 

However, an even better approach would be to use Device State (Managed, Compliant) and Session Risks from AAD Identity Protection instead of IP addresses. It's not that hard for an attacker to obtain an IP address from your country.

 

Greetings Chris

 

0 Likes
Reply