I think you're going the wrong way about this, the information you've pasted above mentions adding the public IP of the Crowd server to the known/trusted IPs in AAD: https://account.activedirectory.windowsazure.com/usermanagement/mfasettings.aspx
Alternatively you should be able to use the Named location condition, if you are enforcing MFA via CA: https://portal.azure.com/#blade/Microsoft_AAD_IAM/SecurityMenuBlade/NamedNetworks
In case you do need to whitelist MS ranges, the list is under #56 here: https://learn.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges?redirectSourcePath=%252fen-us%252farticle%252fOffice-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#microsoft-365-common-and-office-online