MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Azure Active Directory Published IP Addresses are incomplete #124438

Open rorydonaldson opened 2 days ago

rorydonaldson commented 2 days ago

The latest published IP ranges - ServiceTags_Public_20240916 lists the IP ranges for AzureActiveDirectory.

When using SCIM provisioning on Snowflake, I need to add the IPs to the Snowflake account level network policy allow list.

I can see that some REST events are coming through onto Snowflake, originating from the following IPs:

These IPs exist under ranges in AzureCloud, AzureCloud.westeurope, and AzureCloud.northeurope but not AzureActiveDirectory.

The AzureActiveDirectory service tag needs to be updated to include all IP ranges used for SCIM provisioning, to ensure applications can have an effective whitelist. Adding the entire AzureCloud list is not appropriate.

ManoharLakkoju-MSFT commented 1 day ago

@rorydonaldson Thanks for your feedback! We will investigate and update as appropriate.

ManoharLakkoju-MSFT commented 1 day ago

@rorydonaldson It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!

rorydonaldson commented 1 day ago

> @rorydonaldson It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!

The documentation is here: https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview

And the incorrect IP ranges are here: https://www.microsoft.com/en-us/download/details.aspx?id=56519
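
The check described in this issue, as an added example that is not part of the thread or of Microsoft's documentation: given a Service Tags file and the source IPs seen in the application's logs, report which IPs the `AzureActiveDirectory` tag does not cover and which tags do contain them. The sample data and IPs are constructed documentation ranges, and the function names are hypothetical; the `values` / `properties.addressPrefixes` layout follows the Service Tags JSON download.

```python
import ipaddress
import json

# Constructed sample in the layout of the ServiceTags_Public_*.json download;
# the prefixes are documentation ranges, not real Azure ranges.
SAMPLE_SERVICE_TAGS = json.loads("""
{"values": [
  {"name": "AzureActiveDirectory",
   "properties": {"addressPrefixes": ["198.51.100.0/25", "2001:db8:1::/48"]}},
  {"name": "AzureCloud",
   "properties": {"addressPrefixes": ["198.51.100.0/24", "203.0.113.0/24"]}},
  {"name": "AzureCloud.westeurope",
   "properties": {"addressPrefixes": ["203.0.113.0/26"]}}
]}
""")


def tags_containing(ip, service_tags):
    """Return {tag name: most specific matching prefix} for one source IP."""
    addr = ipaddress.ip_address(ip)
    hits = {}
    for tag in service_tags["values"]:
        for prefix in tag["properties"]["addressPrefixes"]:
            net = ipaddress.ip_network(prefix, strict=False)
            # Skip prefixes of the other IP version and prefixes that do not match.
            if net.version != addr.version or addr not in net:
                continue
            best = hits.get(tag["name"])
            if best is None or net.prefixlen > best.prefixlen:
                hits[tag["name"]] = net
    return {name: str(net) for name, net in hits.items()}


def uncovered_by(tag_name, observed_ips, service_tags):
    """Map each observed IP the tag does not cover to the tags that do contain it."""
    gaps = {}
    for ip in observed_ips:
        hits = tags_containing(ip, service_tags)
        if tag_name not in hits:
            gaps[ip] = sorted(hits)
    return gaps


if __name__ == "__main__":
    observed = ["198.51.100.7", "203.0.113.20", "192.0.2.9"]  # constructed log IPs
    gaps = uncovered_by("AzureActiveDirectory", observed, SAMPLE_SERVICE_TAGS)
    for ip, tags in gaps.items():
        print(ip, "not in AzureActiveDirectory; found in:", tags or "no tag")
```

To run it against a real download, replace `SAMPLE_SERVICE_TAGS` with `json.load()` of the file and pass the source IPs taken from the application's own request logs.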