We currently have a need to allow access to a subset of micsosoft ips which are currently housed in brazil. We have a country block and a country allow group but do not want to provide full access to all sites in that country. What is the best way to allow the traffic in Netskope based on the ips that microsoft has provided for Brazil which seem to be in the 52.109.88.0/24 range?
How to create an allow listing for a range of microsoft ips
+2This topic has been closed for replies.
+8@arivadeneira There is no option to block users based on destination IPs.
The only available options are to create policies based on Source IP, Source Country, and Destination Country.
You could submit this as a new feature request from the 'Feedback' section on your tenant UI.
+12@arivadeneira you are talking about Microsoft and this is wide open topic. Do you mean O365 Access. If yes you can try policy where you allow the office apps and combine it with destination country (Brazil). However there is always a risk that some traffic has to leave the country and maybe some IP range from MS may not be listed correctly in the geo location DB we use. So it is a bit of a risky approach and has to be tested first.
+12It's a bit manual but couldn't you create a network location and create your policy based on an IP range? I think @juergen said it best that it's a risky approach depending on what Microsoft Service you are trying to use/protect with Netskope.
+8@rfletcher currently, there is no option to create a policy based on Destination IPs.
What @juergen suggested would be the best approach in the given scenario, with the clauses he has mentioned.
Sign up
Already have an account? Login
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Login to the community
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.