MFA - No internet Connection - Rules Firewall

Adiel Machado 0 Reputation points
2024-09-24T12:31:49.4833333+00:00


Hello, I hope everyone is doing well!

Apologies for my English, as I am not fluent.

I am experiencing difficulties in segregating a wireless network for exclusive use by a digital timekeeping system (employee attendance records). The platform's authentication relies on Two-Factor Authentication, which must be correctly installed on the employee's personal smartphone. Although access to the tool is seamless and prompts for two-factor authentication, indicating that a notification will be sent to the phone and that the generated code in the app is required, the Authenticator app fails to establish communication. Upon opening the app, the immediate notification is: "Check your internet connection and try again."

The current policy permits the following IPs on any port (I am unsure if the community will censor these IPs):

Is it necessary to authorize another IP, or does the app require specific communication with a destination other than Microsoft to function?

Note: Currently, this has only been tested on Android devices.

Note 2: Please consider that due to equipment limitations, I can only authorize connections by IP or by complete FQDNs without wildcards.


1 answer

  1. Adiel Machado 0 Reputation points
    2024-09-24T12:43:04.0933333+00:00

    The end of the text was in Portuguese and the site is showing errors when editing... finishing:

    Should I release another IP or does the APP depend on some specific communication with some other destination other than Microsoft to work?

    Note: For now, tested only on Android phones.

    Note 2: Please take into account that due to limitations on some equipment, I can only release the connection by IP or by FQDNs without wildcards, that is, if it is by FQDNs, I need to have the complete URL.
