ManoharLakkoju-MSFT
commented
1 month ago @rorydonaldson Thanks for your feedback! We will investigate and update as appropriate.
Open rorydonaldson opened 1 month ago
ManoharLakkoju-MSFT
commented
1 month ago @rorydonaldson Thanks for your feedback! We will investigate and update as appropriate.
ManoharLakkoju-MSFT
commented
1 month ago @rorydonaldson It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!
rorydonaldson
commented
1 month ago @rorydonaldson It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!
The documentation is here: https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview And the incorrect IP ranges are here: https://www.microsoft.com/en-us/download/details.aspx?id=56519
ManoharLakkoju-MSFT
commented
1 month ago @rorydonaldson Thank you for bringing this to our attention. I've delegated this to content author @asudbring, who will review it and offer their insightful opinions.
The latest published IP ranges -
ServiceTags_Public_20240916lists the IP ranges forAzureActiveDirectory.When using SCIM provisioning on Snowflake, I need to add the IPs to the Snowflake account level network policy allow list.
I can see the some REST events are coming through onto Snowflake, originating from the follow IPs:
These IPs exist under ranges in AzureCloud, AzureCloud.westeurope, and AzureCloud.northeurope but not AzureActiveDirectory.
The AzureActiveDirectory service tag needs updated to include all IP ranges used for SCIM provisioning, to ensure applications can have an effective whitelist. Adding the entire AzureCloud list is not appropriate.