Anonymous/Tor as filter/condition

Brass Contributor

Hello again 🙂 

is there the possibility to use Anonymous Ips/Tor Network as a condition or a filter for a rule ?

In the built in anomaly detection policy, I see we have one rule "Activity from anonymous IP addresses", that is tracking all the activities done with these kind of network, but is there any possibility to have a custom rule about it?

to be more specific we want to create a set of rules to block navigation and authetication from anonymous ips and TOR for specific applications, since there is no reason expecially for a frontline worker to use a company application from that kind of networks.

So is there any possibility to it ?

Thank you!

 

2 Replies
Hello @siastolf

please look the website

https://argonsys.com/microsoft-cloud/library/cloud-app-security-block-tor-browser-anonymous-ip/

if you liked it mark the answer with a like.
if you thought this answer helped in any way please mark it as best answer
Hi thank you for the suggestion.
It seems anyway that it's not 100% working.

So putting an access control policy using as filter "Ip address -> Tag ->Category->Risky Ip
does not completly work, indeed once I tested it connecting with a TOR browser to a monitored powerapps, nothing was logged/blocked.

I made it working using a different filter, so IP address -> Tag -> Equals-> Tor, Anonymous proxy

in this case I got an alert once a user tried to connect to the powerapp with a Tor browser.