Hi @Dopod · Thank you for reaching out.
You can download Azure IP Ranges using the link below:
You can then compare the IP address in the sign-in event with the Azure IP Ranges to identify if it is a sign in originated from Azure.
If you find any suspicious IP addresses in the sign in event, you can block that via Conditional Access Policy.
Another option to block suspicious sign-ins is, by using Azure AD Identity Protection.
Note: Conditional Access Policy requries at least Azure AD Premium P1 license and Azure AD Identity Protection requires at least Azure Ad Premium P2. If you have P2 license, you can use both features. You can also integrate Identity protection with CA Policies as well to apply risk based conditions.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.