Missing outbound ips

Question

Why aren't all the outbound ip for my azure web app listet in the Azure IP Ranges and Service Tags – Public Cloud - https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519? I cant only find one of the ips 52.178.208.12 in all of my outbound ips in this document.

My outbound ips for web app are:

• 52.169.235.245,
• 52.169.232.215,
• 52.169.233.130,
• 52.169.236.215,
• 52.169.239.254,
• 52.169.239.174,
• 20.54.43.246,
• 20.54.43.227,
• 20.54.43.255,
• 20.54.44.19,
• 20.54.44.47,
• 20.54.44.48,
• 20.54.44.105,
• 20.105.113.185,
• 20.123.105.185,
• 20.123.105.211,
• 20.123.104.88,
• 20.54.93.29,
• 52.178.208.12

Why are they not listet in the document? Is the some other way to get up to date ips range for azure services?

Answer 1

Hi @Thorbjørn Nielsen I went through the same exercise, actually using Service Tags - List (REST API) checking my app service's outbound IP under the AppService tag and came up short. I did however find its network id under AzureCloud (52.169.0.0/16). If you're wanting check the most recent list of outbound IPs, I would reference those under Azure Cloud, per Azure Service tags overview.

However, if you're checking these IPs to do some whitelisting, it's not advised to use that service tag as noted:

For example, the AzureCloud tag may be used to allow inbound traffic. In most scenarios, we don't recommend allowing traffic from all Azure IPs since IPs used by other Azure customers are included as part of the service tag.

Therefore, your best option is to either...

• Use VNet integration with either a load balancer (Gateway, FrontDoor, Traffic Manager), Site-to-Site VPN or ExpressRoute along with a Network Security Group (NSG).
• Pull your outbound IPs from the App Service properties. Note though this will change as scale.

...assuming that's your end goal.