question

JeffHutto-4461 avatar image
0 Votes"
JeffHutto-4461 asked Givary-MSFT commented

Azure AD Identity Protection Has Incorrect Geo-IP Information

We have some users who are being flagged as "high risk" because Microsoft Azure AD sees they are connecting from outside the US when they are actually in the US. We have a number of government contractors who will sometimes connect through the government-provided VPN, and their traffic will all come from a datacenter in the US. However, Microsoft shows that IP address as coming from Spain. I've checked several online WHOIS Geo-IP lookups, and these IPs are all listed as coming from the same place in the US. Only Microsoft seems to show them as coming from overseas. My problem is I have to open a ticket for these every time, and Microsoft might whitelist one or two IPs, but it's like playing a game of whackamole.

Are there any other avenues I can take?

azure-ad-identity-protection
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@JeffHutto-4461

Thank you for detailed description ( Azure AD Identity Protection has shows incorrect Geo-IP information when users signin) of the issue and approach to resolve as well.

Would request you to share the support id which you have worked on this issue, so that I can investigate further on this.

Also, wanted to check if you have leveraged risk policies as an option.

Refer to this link for more detailed information - https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies

Enable sign-in risk policy for MFA - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa#:~:text=Enable%20sign%2Din%20risk%20policy%20for%20MFA

Let me know if you have any further questions.

0 Votes 0 ·

0 Answers