How can we improve Azure Active Directory?

← Azure Active Directory

Allow blocking "Sign-ins from anonymous IP addresses"

I would like to be able to block ALL sign-ins from anonymous IP addresses.

122 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Cris shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

27 comments

Attach a File
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Geoff commented  ·   ·  Flag as inappropriate

    Please move this up on the priorities to help close this security gap!

  • Anonymous commented  ·   ·  Flag as inappropriate

    Update please. This is critical now that NordVPN and others have gone public with the information that they were compromised last year.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Has this feature been released yet Seems like something that should be straight forward to setup if the options were built out and enabled.

  • Dave commented  ·   ·  Flag as inappropriate

    We view them differently, but would probably block both. In an education environment we have students who use VPNs to get around content filtering, which is not really a security risk but more of a behavior issue. It would be great to be able to block sign-ins from Tor but alert or force MFA on VPN use.

  • Jake commented  ·   ·  Flag as inappropriate

    Agreed. Setting this at the Medium security level would cause issues with false positives like impossible travel distance. Workstations on a full tunnel VPN look like they're in the gateway's city while a cell phone checks into AAD from a user's actual location.

  • adminAngel Indzhov commented  ·   ·  Flag as inappropriate

    We absolutely need this. You can list them in the same way you have it in cloudappsecurity. Tor, anonimouse proxy, vpn and so on. So we can create policies based on dynamuc groups. I really would like to block sign ins from Tor network. There is no legit bussiness reason this to be allowed.

  • Mike P commented  ·   ·  Flag as inappropriate

    The risk events should all be able to be separate policies, not simply low/medium/high. The main issue is unfamiliar location is not the same risk as impossible travel and anonymous IPs. Problem would be mostly solved if we could just make the policy by the separate risk events. Separating tor from other anonymous VPNs would be a nice to have as tor is easier to blanket block.

← Previous 1

Azure Active Directory: Conditional Access

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice