Azure Active Directory Published IP Addresses are incomplete

[rorydonaldson]

The latest published IP ranges - ServiceTags_Public_20240916 lists the IP ranges for AzureActiveDirectory.

When using SCIM provisioning on Snowflake, I need to add the IPs to the Snowflake account level network policy allow list.

I can see the some REST events are coming through onto Snowflake, originating from the follow IPs:

• 20.190.137.45
• 20.190.129.80

These IPs exist under ranges in AzureCloud, AzureCloud.westeurope, and AzureCloud.northeurope but not AzureActiveDirectory.

The AzureActiveDirectory service tag needs updated to include all IP ranges used for SCIM provisioning, to ensure applications can have an effective whitelist. Adding the entire AzureCloud list is not appropriate.

[ManoharLakkoju-MSFT]

@rorydonaldson
Thanks for your feedback! We will investigate and update as appropriate.

[ManoharLakkoju-MSFT]

@rorydonaldson
It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!

[rorydonaldson]

@rorydonaldson It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!

The documentation is here: https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview
And the incorrect IP ranges are here: https://www.microsoft.com/en-us/download/details.aspx?id=56519

[ManoharLakkoju-MSFT]

@rorydonaldson
Thank you for bringing this to our attention.
I've delegated this to content author @asudbring, who will review it and offer their insightful opinions.