Geofeed IP Location Reference that Microsoft Uses and How to Report Incorrect Location

Question

Geofeed IP Location Reference that Microsoft Uses and How to Report Incorrect Location

Shannon H 15

We have identified a range of IP's that T-Mobile USA owns and legitimately has published as a US location, but Microsoft (Azure) is showing an incorrect location of Shanghai, China. This is causing frustration and issues for our users that are subject to our US only conditional access policies if they happen to have T-Mobile service. At least one of the IP ranges is 172.59.72.0/21.

This bring up 2 questions as we have tried many avenues to beg for the location info to be updated.

Where does Microsoft obtain or how do they maintain their geolocation data that is used for Azure based platforms? Is it all self maintained or where do they reference? T-Mobile reportedly follows recent common standard for geofeed data publish. Can be seen here raw.githubusercontent.com/tmobile/tmus-geofeed/main/tmus-geo-ip.txt. *ARIN also shows the proper location as US for these IP's.
Where\how do customers contact Microsoft to advise them of bad location information for IP's?

Most legit IP lookup\whois sites are showing the proper US-MO,Kansas City location for those IP's, but not Microsoft and a couple of others like IPStack.com We have already sent ipstack.com a message and hoping they will adjust just in case that is one of Microsoft's trusted feed sources.

Akshay-MSFT 6,001 Reputation points Microsoft Employee

2023-05-04T08:50:27.25+00:00

@Shannon H

Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer" (Yes) and "share you feedback". This will help us and others in the community as well.

Thanks,

Akshay Kaushik
Shweta Mathur 15,071 Reputation points Microsoft Employee

2023-05-29T03:35:50.4266667+00:00

Hi @Shannon H ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Shannon H 15 Reputation points

2023-05-31T12:30:32.9233333+00:00

@Akshay-MSFT Thank you for inquiring. The below answers were not really helpful, other than mentioning to open a support case, which we knew could be one route to go. Which we eventually did. We do not have a support contract, so in order to notify Microsoft of bad information they had in play for location\IP, it was going to cost us a per case $$. I actually started off with reaching out to AzureSupport on TWITTER to wind our way through and beg for some guidance or get a case open.

As far as your answer to my number #1 question, I was actually inquiring more about who\where Microsoft gets the public IP address info. As noted earlier, T-Mobile maintains what appears to be a legit github public published point of their IP location data. Microsoft or whoever its affiliate or source was for these ranges of IP's was totally wrong and was causing fits for numerous users in the midwest region of US. I suspect in this case it could have been ipstack.com as they were also reflecting incorrect location info. The only workaround was to exclude a large range of IP's from our existing conditional access policy to allow even though they were reportedly showing up as China & other incorrect locations. In the end, the MSFT case owner advised that back end engineering was working to correct the improper location data Microsoft had as a reference for this. It took over a week after our case was opened and it sounds like other instances had been reported and engineering was working. A bit disappointing that there is not a better or different way to notify Microsoft Azure support of something like this. Hoping it does not happen again. We would like to continue to rely on the conditional access policies for security purpose, and better accuracy. We thank you for your time.

Akshay-MSFT 6,001 Reputation points Microsoft Employee

2023-05-04T08:50:27.25+00:00

@Shannon H

Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer" (Yes) and "share you feedback". This will help us and others in the community as well.

Thanks,

Akshay Kaushik
Shweta Mathur 15,071 Reputation points Microsoft Employee

2023-05-29T03:35:50.4266667+00:00

Hi @Shannon H ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Shannon H 15 Reputation points

2023-05-31T12:30:32.9233333+00:00

@Akshay-MSFT Thank you for inquiring. The below answers were not really helpful, other than mentioning to open a support case, which we knew could be one route to go. Which we eventually did. We do not have a support contract, so in order to notify Microsoft of bad information they had in play for location\IP, it was going to cost us a per case $$. I actually started off with reaching out to AzureSupport on TWITTER to wind our way through and beg for some guidance or get a case open.

As far as your answer to my number #1 question, I was actually inquiring more about who\where Microsoft gets the public IP address info. As noted earlier, T-Mobile maintains what appears to be a legit github public published point of their IP location data. Microsoft or whoever its affiliate or source was for these ranges of IP's was totally wrong and was causing fits for numerous users in the midwest region of US. I suspect in this case it could have been ipstack.com as they were also reflecting incorrect location info. The only workaround was to exclude a large range of IP's from our existing conditional access policy to allow even though they were reportedly showing up as China & other incorrect locations. In the end, the MSFT case owner advised that back end engineering was working to correct the improper location data Microsoft had as a reference for this. It took over a week after our case was opened and it sounds like other instances had been reported and engineering was working. A bit disappointing that there is not a better or different way to notify Microsoft Azure support of something like this. Hoping it does not happen again. We would like to continue to rely on the conditional access policies for security purpose, and better accuracy. We thank you for your time.

Answer 1

@Shannon H ,

Thank you for posting your query on Microsoft Q&A. PFB answer to your queries below:

Where does Microsoft obtain or how do they maintain their geolocation data that is used for Azure based platforms? Is it all self maintained or where do they reference? T-Mobile reportedly follows recent common standard for geofeed data publish. Can be seen here raw.githubusercontent.com/tmobile/tmus-geofeed/main/tmus-geo-ip.txt. *ARIN also shows the proper location as US for these IP's.

The location is found using the public IP address a client provides to Azure Active Directory or GPS coordinates provided by the Microsoft Authenticator app. It uses location services like any other application.

When you use a cloud hosted proxy or VPN solution, the IP address Azure AD uses while evaluating a policy is the IP address of the proxy. The X-Forwarded-For (XFF) header that contains the user’s public IP address isn't used because there's no validation that it comes from a trusted source, so would present a method for faking an IP address.

The location found using the public IP address a client provides to Azure Active Directory or GPS coordinates provided by the Microsoft Authenticator app.

Where\how do customers contact Microsoft to advise them of bad location information for IP's?

You could raise a support ticket to report the issue for immediate assistance and share company portal or authenticator app logs.

Please do let me know if you have any further queries. Also try looking at the fiddler trace for one of the impacted device.

Thanks,

Akshay Kaushik

Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.

Geofeed IP Location Reference that Microsoft Uses and How to Report Incorrect Location

1 answer

Activity