How to create an allow listing for a range of microsoft ips
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-28-2021 11:58 AM
We currently have a need to allow access to a subset of micsosoft ips which are currently housed in brazil. We have a country block and a country allow group but do not want to provide full access to all sites in that country. What is the best way to allow the traffic in Netskope based on the ips that microsoft has provided for Brazil which seem to be in the 52.109.88.0/24 range?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-31-2021 01:34 AM
@arivadeneira There is no option to block users based on destination IPs.
The only available options are to create policies based on Source IP, Source Country, and Destination Country.
You could submit this as a new feature request from the 'Feedback' section on your tenant UI.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2021 09:07 AM
@arivadeneira you are talking about Microsoft and this is wide open topic. Do you mean O365 Access. If yes you can try policy where you allow the office apps and combine it with destination country (Brazil). However there is always a risk that some traffic has to leave the country and maybe some IP range from MS may not be listed correctly in the geo location DB we use. So it is a bit of a risky approach and has to be tested first.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2021 05:04 AM
It's a bit manual but couldn't you create a network location and create your policy based on an IP range? I think @juergen said it best that it's a risky approach depending on what Microsoft Service you are trying to use/protect with Netskope.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2021 10:16 PM
@rfletcher currently, there is no option to create a policy based on Destination IPs.
What @juergen suggested would be the best approach in the given scenario, with the clauses he has mentioned.
