cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Microsoft IP ranges in Microsoft Cloud App Security

LouisMastelinck
Brass Contributor

‎Jun 17 2020 03:41 AM - edited ‎Jun 17 2020 03:44 AM

‎Jun 17 2020 03:41 AM - edited ‎Jun 17 2020 03:44 AM

Microsoft IP ranges in Microsoft Cloud App Security

Hi,

 

I have noticed that Microsoft IP ranges in Microsoft Cloud App Security are not up to date.

I'm receiving multiple impossible travel alerts. When checking I clearly see that the IP are from Microsoft Corporation.

Normally MCAS has a list of all cloud providers dynamically with their public IP's. But this does not reflect in the activity logs.

2020-06-17 12_15_48-Alert - Cloud App Security.png

 

Examples of IP's I encountered that were not dynamically tagged: 52.149.104.180, 40.68.20.47, 40.69.196.76

 

I'm assuming that does not require any user action to update/sync the IP ranges?

Can somebody elaborate on this issue?

 

Kind Regards

Louis

Labels:
Preview file
40 KB
3,706 Views
0 Likes
4 Replies
Reply
4 Replies
dejvio

‎Nov 05 2021 07:14 AM

‎Nov 05 2021 07:14 AM

Re: Microsoft IP ranges in Microsoft Cloud App Security

@LouisMastelinck 

same here, lot of activity is show from microsoft IP addresses. It's session for user in microsoft data center to access some resources? Not sure. @Microsoft?

But solution to your problem with alerts could be tagging that IP and all similar IP's. That can be done by choosing option "Tag as corporate IP and add to whitelist". 

mscloudappsec.JPG

0 Likes
Reply
LouisMastelinck

‎Nov 22 2021 07:18 AM

‎Nov 22 2021 07:18 AM

Re: Microsoft IP ranges in Microsoft Cloud App Security

hi Dejvio,

Thanks for your reply.
Indeed this could be an option but i see this as a short term solution.
As on the long-term I would not be able to know if an IP is still in the Microsoft IP Range or not unless I manually verify?
The same go's for new IP's that are not ingested yet by Microsoft Defender for Cloud Apps (MCAS), it would require manual work... but if you have 1000 of alerts each month this not manageable.

But I do have to say that we haven't encountered this type problem due to fact that we use 3th party resources that help with the IP enrichment as soon an alert is triggered and the alert is automatically enriched.




0 Likes
Reply
best response confirmed by Trevor_Rusher (Community Manager)
JaredPoeppelman

‎Dec 03 2021 06:54 AM

‎Dec 03 2021 06:54 AM

Solution

Re: Microsoft IP ranges in Microsoft Cloud App Security

If this is still the case, I would recommend contacting support, as I think that is the best way to track this to your resolution but also ensure product support and engineering can engage, as needed, to solve it. I don't think there is anything we can do from "outside the MDCA box" to fix it.
0 Likes
Reply
alex2210

‎Feb 23 2022 04:10 AM

‎Feb 23 2022 04:10 AM

Re: Microsoft IP ranges in Microsoft Cloud App Security

Hi @LouisMastelinck, can you please share the 3rd party resources that help you update your IP ranges?

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Trevor_Rusher (Community Manager)
JaredPoeppelman

‎Dec 03 2021 06:54 AM

‎Dec 03 2021 06:54 AM

Solution

Re: Microsoft IP ranges in Microsoft Cloud App Security

If this is still the case, I would recommend contacting support, as I think that is the best way to track this to your resolution but also ensure product support and engineering can engage, as needed, to solve it. I don't think there is anything we can do from "outside the MDCA box" to fix it.

View solution in original post

0 Likes
Reply