Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Active Directory?

← Azure Active Directory

Allow blocking "Sign-ins from anonymous IP addresses"

I would like to be able to block ALL sign-ins from anonymous IP addresses.

339 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Cris shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

57 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • gunbird commented  ·   ·  Flag as inappropriate

    The solution from @Doberman only works for web applications if I'm not mistaken. If the connection uses an heavy client the policy will not be applied.

    So this problem still needs a definitive and comprehensive solution.

  • Doberman commented  ·   ·  Flag as inappropriate

    You can already do this from Cloud App Security > Policies > Conditional Access. There is a tag there called Anonymous Proxy for IP addresses that you can use to not allow sign in.

  • Del commented  ·   ·  Flag as inappropriate

    We are getting these at an ever increasing rate. We have blocked most countries but these still allows attempted access. We are rolling out MFA for O365 and our VPN. I've blocked a few major sites, but would prefer to be proactive and not reactive. Adding the IP address after the fact is reactive against hackers.

  • Jeff Smith commented  ·   ·  Flag as inappropriate

    I agree with below, we are suddenly getting notified about these on a daily bases, but you can't do anything about them. So it just creates a bunch of noise that you need to look at.

  • Chris Stelzer commented  ·   ·  Flag as inappropriate

    I whipped up this Playbook to Synchronize TOR Exit Node IP's to a Named Location List in Azure AD. This should partially address this concern until an official solution in place - https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Update-NamedLocations-TOR. Process could easily be adapted to encompass anonymous IP addresses from other API's.

  • Geoff commented  ·   ·  Flag as inappropriate

    Please help us Microsoft and start working on this. It is maddening that it can be detected as an azure risk but we cannot block it

  • Ben commented  ·   ·  Flag as inappropriate

    First, create an Azure "Named Location" with the IP Address list that you would like to block then created a "Conditional Access" Policy to block the Named location.

  • Anonymous commented  ·   ·  Flag as inappropriate

    If you click on the preview of named locations it will allow you to add IPV6 addresses. It works perfectly thank you.

  • David S. commented  ·   ·  Flag as inappropriate

    Any update with blocking anonymous IP addresses this is a large security concern, and has been over 19 months since the last update

  • Hafeez MAJEK commented  ·   ·  Flag as inappropriate

    Please can you kindly make the Blocking of Sign-ins from Anonymous IP address a default rule within O365 email protection policies?

    WHY IS MICROSOFT LETTING CUSTOMERS REMAIN EXPOSED TO LOGINs FROM ANONYMOUS SOURCES!!!!!!

  • Nick McIntosh commented  ·   ·  Flag as inappropriate

    This needs to be prioritized or a workaround needs to be provided. This is a huge miss for Microsoft.

  • Donato, Mark commented  ·   ·  Flag as inappropriate

    This needs to be implemented. It is absolutely ridiculous to me that Microsoft does not realize how serious of a threat this is.

  • Arshad Sheikh commented  ·   ·  Flag as inappropriate

    Majority of the attackers use Anonymizer / TOR, but there is no way to block these connections using conditional access? Every single tool, MCAS / Sentinel report this but no way to prevent it. Any ETA on this.

← Previous 1 3

Azure Active Directory: Conditional Access

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice