FYI, this is now possible in ADFS 2019, using a IP list file of any length, if you don't mind building an extension in Visual Studio. There is an overview and a sample project file here:https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-risk-assessment-model
Agreed. Also, O365 takes 4 hours to propagate, and ~1173 is also too small a number.
Not to take wind out of my own sail here, but FYI:
If you are attempting to block IPs for use with Office 365 federation, you can do this directly in the tenant via Set-OrganizationConfig -IPListBlocked. In my testing, I was able to add ~1173 entries. Listed IP addresses will not be proxied to AD FS for authentication.
ref: https://www.slideshare.net/AndresCanello/azure-ad-password-attacks-logging-and-protectionsMike Crowley shared this idea ·
55 votes0 comments · General Feedback » Interoperability & Integration · Flag idea as inappropriate… · Admin →Mike Crowley supported this idea ·