Significantly increase the number of Banned IPs that can be stored in ADFS.
ADFS 2019 allows for 300 IPs to be added to the "Banned IP list".
As there are nearly four billion public IPs on the internet, 300 is woefully inadequate.
Small customers that are only trying to block a few users aren't likely using ADFS anyway. Large organizations that rely on ADFS will hit the 300 limit almost immediately.
I'd like to see this number raised to 65538 (/16) or something similar.

1 comment
Mike Crowley commented
Not to take wind out of my own sail here, but FYI:
If you are attempting to block IPs for use with Office 365 federation, you can do this directly in the tenant via Set-OrganizationConfig -IPListBlocked. In my testing, I was able to add ~1173 entries. Listed IP addresses will not be proxied to AD FS for authentication.
ref: https://www.slideshare.net/AndresCanello/azure-ad-password-attacks-logging-and-protections