Skip to content

IP address ranges

IPs can be helpful when investigating an incident or perhaps when wanting to trigger an alert when an activity occurs in a specific service. On this page you can see the pre-defined IP ranges Microsoft maintains, these contain mostly cloud providers such as Azure or AWS. You can also create custom IP ranges and tag them as say "corporate". With tagging you could create an activity policy that creates an alert when an administrative activity occurs outside your corporate environment. Supported CIDR slash ranges are:

Range Addresses
/8 16,777,216
/16 65,536
/24 256
/32 1

Custom ranges can have one of the below categories, and once created will be added to new activities, past activities will not be updated retroactively.

  • Corporate
  • Administrative
  • Risky
  • VPN
    • This one specifically can help alleviate false positive impossible travel alerts
  • Cloud provider
  • Other

Activity logs can only have one category, when an activity's IP matches two specified ranges the custom range will take precedence. For this reason you cannot create an overlapping custom IP range.

Built-in/default ranges

These are the built-in ranges as of 1/7/25.

Name Tag Category
Acronis International Cloud provider
Advanced Hosters Cloud provider
Akamai Technologies Akamai Technologies Cloud provider
Alibaba Alibaba Cloud provider
Amazon Web Services Amazon Web Services Cloud provider
Ascenty Ascenty data centers Cloud provider
Atos Origin Brasil Ltda Cloud provider
bacloud baCloud Cloud provider
BlackBerry Limited BlackBerry Limited Cloud provider
Blacknight Internet Solutions Cloud provider
chinanet chinanet Cloud provider
Cisco CWS Cisco CWS Cloud provider
Cloud Plus Cloud Plus Cloud provider
Cloudflare Cloud provider
cloudHQ cloudHQ Cloud provider
Clouvider Limited Clouvider Limited Cloud provider
CyrusOne LLC CyrusOne LLC Cloud provider
Datto Datto Cloud provider
Digital Ocean Digital Ocean Cloud provider
Digital Ocean Cloud Computing Cloud Hosting Cloud provider
Dimension Data Cloud Dimension Data Cloud Solutions Cloud provider
Docusign Cloud provider
Facebook Corporation Facebook Cloud provider
flexential flexential Cloud provider
Forcepoint Forecepoint Cloud Cloud provider
Gigabit hosting Sdn Bhd Gigabit hosting Sdn Bhd Cloud provider
GigeNET GigeNET Cloud provider
Gogo Inflight Gogo Inflight Internet Cloud provider
Google Cloud Google Cloud Platform Cloud provider
Google Proxy Google Proxy Cloud provider
GTT Communications Inc. GTT Communications Inc. Cloud provider
Hetzner Online Hetzner Online Cloud provider
Hosters Hosters Cloud provider
Hostersi Sp. z o.o. Hostersi Sp. z o.o. Cloud provider
HostRoyale Technologies Pvt Ltd HostRoyale Technologies Pvt Ltd Cloud provider
Hughes Network Systems GmbH Hughes Network Systems GmbH Cloud provider
IBM Hosting IBM Hosting Cloud provider
iBoss inc. Cloud provider
Internet Vikings International Cloud provider
Iomart Hosting Iomart Hosting Limited Cloud provider
Keepit Keepit Cloud provider
KPN Internedservices B.V. KPN Internedservices B.V. Cloud provider
LeaseWeb Netherlands B.V. Cloud provider
LinkedIn Corporation LinkedIn Corporation Cloud provider
Linode Cloud provider
Logic web Cloud provider
Masergy Masergy Communications Cloud provider
McAfee McAfee Web Gateway Cloud provider
Microsoft 365 Common and Office Online Microsoft 365 Common and Office Online Cloud provider
Microsoft Azure Microsoft Azure Cloud provider
Microsoft Corporation Microsoft Corproration Cloud provider
Microsoft Hosting Microsoft Hosting Cloud provider
Mimecast Cloud provider
MRG Hosting MRG Hosting B.V. Cloud provider
Nexeon Technologies Cloud provider
Onavo Mobile Onavo Mobile Cloud provider
OVH Cloud provider
Psychz Networks Psychz Networks Cloud provider
Ransom IT Ransom IT Cloud provider
REDTone REDTone Cloud provider
Salesforce Salesforce Cloud Cloud provider
SB Cloud SBCLOUD Cloud provider
ScanSafe ScanSafe Cloud provider
servihosting servihosting Cloud provider
sharktech sharktech Cloud provider
Sita Onair Sita OnAir Switzerland SARL Cloud provider
Skype for Business Online and Microsoft Skype for Business Online and Microsoft Cloud provider
Symantec Symantec Cloud Cloud provider
tech data Cloud provider
Tencent cloud Tencent cloud Cloud provider
Threat Intelligence Anonymous proxy, Botnet, Tor Risky
TOT cloud Cloud provider
Triple C Cloud Computing Triple C Cloud Computing Ltd. Cloud provider
UK2 UK2 Cloud provider
UpCloud UpCloud Cloud Servers Cloud provider
Voztelecom network Voztelecom network Cloud provider
Vultr Holdings LLC Cloud provider
WorldStream B.V. WorldStream B.V. Cloud provider
Wowrack.com Wowrack.com Cloud provider
Zenex 5ive Limited Zenex 5ive Limited Cloud provider
Zscaler Zscaler Cloud provider