IP Ranges to allow traffic from the Microsoft Entra provisioning service into our application (snowflake in our case)

Ananda Bhat 5 Reputation points
2024-02-29T23:11:29.7866667+00:00

Document says below: but i dont see any tag with the name "Microsoft Entra ID" in the IP range file

Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} vote

3 answers

Sort by: Most helpful
  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2024-03-01T19:45:11.4066667+00:00

    @Ananda Bhat

    Thank you for your post!

    When it comes to the documentation that you're referring to, I'm assuming that it's the - Develop and plan provisioning for a SCIM endpoint in Microsoft Entra ID IP Ranges section.

    User's image

    If this is the case, when it comes to the linked Azure IP Ranges and Service Tags – Public Cloud (ServiceTags_Public_20240227.json) download, you'll find the IP ranges for MS Entra ID (formerly Azure AD) by searching for the AzureActiveDirectory tag.

    User's image

    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

    2 people found this answer helpful.

  2. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2024-02-29T23:33:21.23+00:00
    0 comments No comments

  3. Pinaki Ghatak 5,600 Reputation points Microsoft Employee Volunteer Moderator
    2024-03-01T19:31:44.25+00:00

    Hello Ananda Bhat.

    The Microsoft Entra ID service uses a range of IP addresses for its operations. However, these IP ranges are not tagged specifically as “Microsoft Entra ID” in the IP range file. Instead, they are part of the larger set of IP ranges used by Microsoft services.

    To allow traffic from Microsoft Entra into your application, you would typically define a named location in your Conditional Access policy with the necessary IP ranges Named locations can be defined by IPv4 and IPv6 address ranges.

    You can configure up to 2000 IP ranges per named location

    Please note that the specific IP ranges used by Microsoft Entra ID may change over time, so it’s important to keep your configuration updated. Microsoft provides a JSON formatted list of all required and optional destinations, which is updated regularly


    If this information provided here helps solve your issue, please tag this as answered, so it helps further community readers, who may have similar questions.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.