Skip MFA with public on-prem server > Is there a known ip-range from Microsoft to limit the access in our firewall for our server??

Philipp M 1 Reputation point
2019-12-05T14:36:47.507+00:00

Hello,

all our users have MFA enable. We are considering a new add-on for our on-prem crowd server (which we use for our authentication for the atlassian applications).

The requirement is to make the server public and to add the public ip to the cloud based mfa settings.

"In this scenario, users with Azure AD MFA enabled will authenticate to your Atlassian applications by entering only their Office 365 username and password in the login forms of those applications. Users will not be asked to enter any other authentication factor response. This is made possible by adding your Crowd server's public IP address to the list of trusted ips in Azure AD MFA settings."

Is there an MS ip-range which we can add into our firewall-settings to limit the access?

Thanks and regards,
Philipp

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,648 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 111.1K Reputation points MVP
    2019-12-05T16:50:48.25+00:00

    I think you're going the wrong way about this, the information you've pasted above mentions adding the public IP of the Crowd server to the known/trusted IPs in AAD: https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx
    Alternatively you should be able to use the Named location condition, if you are enforcing MFA via CA: https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/NamedNetworks

    In case you do need to whitelist MS ranges, the list is under #56 here: https://learn.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#microsoft-365-common-and-office-online

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.