Allow blocking "Sign-ins from anonymous IP addresses"
I would like to be able to block ALL sign-ins from anonymous IP addresses.

This work is still in the plan, we don’t have an update on an eta at this point.
52 comments
-
Jeff Smith commented
I agree with below, we are suddenly getting notified about these on a daily bases, but you can't do anything about them. So it just creates a bunch of noise that you need to look at.
-
Chris Stelzer commented
I whipped up this Playbook to Synchronize TOR Exit Node IP's to a Named Location List in Azure AD. This should partially address this concern until an official solution in place - https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Update-NamedLocations-TOR. Process could easily be adapted to encompass anonymous IP addresses from other API's.
-
Patrick Lubbers commented
Waiting for this to be resolved. Need to block access from anonymous IP's
-
David S. commented
Why can't we block anonymous ip's or force MFA is it can be detected?
-
Sigmund Brandstaetter commented
Any update?
-
Geoff commented
Please help us Microsoft and start working on this. It is maddening that it can be detected as an azure risk but we cannot block it
-
Ben commented
First, create an Azure "Named Location" with the IP Address list that you would like to block then created a "Conditional Access" Policy to block the Named location.
-
Anonymous commented
If you click on the preview of named locations it will allow you to add IPV6 addresses. It works perfectly thank you.
-
Geoff commented
PLEASE start work on this to help protect all Office 365 customers
-
David S. commented
Any update with blocking anonymous IP addresses this is a large security concern, and has been over 19 months since the last update
-
Hafeez MAJEK commented
Please can you kindly make the Blocking of Sign-ins from Anonymous IP address a default rule within O365 email protection policies?
WHY IS MICROSOFT LETTING CUSTOMERS REMAIN EXPOSED TO LOGINs FROM ANONYMOUS SOURCES!!!!!!
-
Anonymous commented
The fact that this can be reported on in CAS and not blocked is ridiculous.
-
Nick McIntosh commented
This needs to be prioritized or a workaround needs to be provided. This is a huge miss for Microsoft.
-
Donato, Mark commented
This needs to be implemented. It is absolutely ridiculous to me that Microsoft does not realize how serious of a threat this is.
-
Arshad Sheikh commented
Majority of the attackers use Anonymizer / TOR, but there is no way to block these connections using conditional access? Every single tool, MCAS / Sentinel report this but no way to prevent it. Any ETA on this.
-
shnl commented
is there an ETA for this feature?
-
Anonymous commented
Hit the "vote" button above and vote for this feature. It lags behind many others at the moment so I would assume the product team will focus on higher priority items. I don't know if you can vote multiple times but give it a try ! To see the competing features, hit the yellow "Planned" button.
-
Anonymous commented
Can we please get this feature? It does us no good to investigate TOR and anonymous logins hours after the fact, it would help if we could block these
-
Anonymous commented
Any update on this request? thanks.
-
Geoff commented
In response to the question about including Tor and anonymous VPN - yes please! If it shows up in the risk events as a sign in from anonymous IP - I want to be able to block it with conditional access