Mike Crowley

My feedback

  1. 8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  General Feedback » Configuration  ·  Flag idea as inappropriate…  ·  Admin →
    Mike Crowley commented  · 

    FYI, this is now possible in ADFS 2019, using a IP list file of any length, if you don't mind building an extension in Visual Studio. There is an overview and a sample project file here:https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-risk-assessment-model

    Mike Crowley commented  · 

    Agreed. Also, O365 takes 4 hours to propagate, and ~1173 is also too small a number.

    Mike Crowley commented  · 

    Not to take wind out of my own sail here, but FYI:

    If you are attempting to block IPs for use with Office 365 federation, you can do this directly in the tenant via Set-OrganizationConfig -IPListBlocked. In my testing, I was able to add ~1173 entries. Listed IP addresses will not be proxied to AD FS for authentication.
    ref: https://www.slideshare.net/AndresCanello/azure-ad-password-attacks-logging-and-protections

    Mike Crowley shared this idea  · 
  2. 53 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Mike Crowley supported this idea  · 

Feedback and Knowledge Base