question

SruthiKudaravalli-0768 avatar image
0 Votes"
SruthiKudaravalli-0768 asked StuartEggerton-4447 answered

Static IP address for login.microsoftonline.com

Is there a static IP address for login.microsoftonline.com. Our tools are using Azure Active Directory to authenticate users and our customers have firewall to filter unwanted traffic. I don't see a static IP address for login.microsoftonline.com to allow it through the firewall.

azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

StuartEggerton-4447 avatar image
0 Votes"
StuartEggerton-4447 answered

login.microsoftonline.com is a globally distributed service with multiple IP addresses. If it is possible I would suggest outbound proxy filtering by hostname (FQDN) instead of IP for such endpoints or else you end up with a huge maintenance overhead if a vendor e.g. Microsoft change the IP address.

If you are using Azure Firewall then this is the feature https://docs.microsoft.com/en-us/azure/firewall/fqdn-filtering-network-rules

Similar features exist with Fortigate etc..

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.