Enterprise App with IP Access Restriction blocking access from whitelisted networks

Question

We have an Azure Enterprise App that is using IP Access Restriction to whitelist the company networks that can access it. We have an office with 2 different ISP circuits. Both ISP IP ranges have been whitelisted. But when we turn on load balancing at the router so that traffic is sent over either network simultaneously, access is blocked randomly. I assume it's because we are using Microsoft SSO to sign in and since traffic for the session is coming from 2 IPs the policy is blocking the traffic.

What do we need to do to ensure that traffic from this office is not blocked?

Answer 1

@Danilo Corrons

Thank you for reaching out to us on Microsoft Q&A.

To troubleshoot this issue, we will have to check the sign-in logs of user whose sign-in was blocked.
In sign-in logs you will get the IP address that the request is coming from. You can confirm the IP address and check if it is part of whitelisted IP's that you have defined.

Also, check and make sure that your load balancer is not NATing the IP address. If this is the case that you will have to define IP of a load balancer also in whitelisted list.

Also, in sign-in logs you can check and confirm that as to which conditional access is getting applied to the request. And under what conditions the request is getting blocked.
You can refer below article to get more information on troubleshooting conditional access policies.
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/troubleshoot-conditional-access

Let me know if you have any further questions.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.