New IP range used by AAD Connect?

BartPL 0 Reputation points
2023-05-11T15:52:57.9733333+00:00

Hi,

Today we were setting up AAD Connect for a new customer, and we noticed that during the first configuration it threw an error about "Single Sign On enabling failure".

At that point we could see on the firewall that there was a denied connection from IP: 51.136.126.57

This IP does belong to MS:

inetnum:        51.136.0.0 - 51.138.255.255
org:            ORG-MA42-RIPE
netname:        MICROSOFT
descr:          Microsoft Limited UK
country:        GB
admin-c:        DH5439-RIPE
tech-c:         MRPA3-RIPE
status:         LEGACY

but it was not present in any of the official docs for the IPs and URLs that are supposed to be added:

https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/reference-connect-ports

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-health-agent-install#requirements

We allowed it, and rerunning AAD Connect succeeded.

Is that:

  1. A new change in the IP range, and the articles were not updated?
  2. Or was it an error with routing (or something), and that call shouldn't have come from that IP?

Regards,

B.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. JimmySalian-2011 42,511 Reputation points
    2023-05-11T18:36:47.7133333+00:00

    Hi,

    Basically the new IP address is listed in the Public IP address block doc and you can view it here - https://www.microsoft.com/en-us/download/confirmation.aspx?id=53602

    ==

    Please Accept the answer if the information helped you. This will help us and others in the community as well.
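
An added example, not part of the thread or of any Microsoft tooling: one way to check a firewall-denied address against a downloaded prefix list before adding an allow rule. The IP and whois range come from the question; the single-column `Prefix` CSV layout and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Values taken from the question above.
DENIED_IP = "51.136.126.57"
WHOIS_FIRST, WHOIS_LAST = "51.136.0.0", "51.138.255.255"

# Constructed sample standing in for a downloaded prefix list; the one-column
# "Prefix" CSV layout is an assumption, not the real file's contents.
SAMPLE_PREFIX_CSV = """Prefix
192.0.2.0/24
198.51.100.0/24
51.136.0.0/15
2001:db8::/32
not-a-prefix
"""

def whois_range_to_cidrs(first, last):
    """Convert a whois inetnum range into the minimal list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def load_prefixes(csv_text, column="Prefix"):
    """Parse prefixes from CSV text, skipping rows that are not valid CIDRs."""
    prefixes = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            prefixes.append(ipaddress.ip_network(row[column].strip(), strict=False))
        except (ValueError, KeyError, AttributeError):
            continue  # malformed row: ignore rather than widen the allowlist
    return prefixes

def covering_prefixes(ip, prefixes):
    """Return every prefix containing ip, most specific first."""
    addr = ipaddress.ip_address(ip)
    hits = [p for p in prefixes if p.version == addr.version and addr in p]
    return sorted(hits, key=lambda p: p.prefixlen, reverse=True)

if __name__ == "__main__":
    print("whois range as CIDRs:", whois_range_to_cidrs(WHOIS_FIRST, WHOIS_LAST))
    hits = covering_prefixes(DENIED_IP, load_prefixes(SAMPLE_PREFIX_CSV))
    print(DENIED_IP, "covered by:", hits or "no published prefix")
```

Allowing only the most specific covering prefix, rather than the whole whois allocation, keeps the firewall rule as narrow as the published list permits.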
