• Dana Epp

Pssst... wanna know all of Azure's Datacenter IP Ranges?

OK, it's not really a secret... but its amazing how many people say this stuff is hard to find. It's not. In fact, its in an XML file that Microsoft regularly publishes.

Microsoft Azure Datacenter IP Ranges (Commercial)


Microsoft Azure Datacenter IP Ranges (Government/Sovereign Cloud)

Can't share that here. However, if you have need for this, you can get it upon request. Simply open a case via the Azure Portal with your government subscription.

Office 365 URLs and IP address ranges


Office 365 US Government: Endpoints for US Federal and US Defense Clouds


What about this secret IP I keep seeing of

It's not a secret. Microsoft uses this as a virtual public IP address that is used to facilitate a communication channel to internal platform resources for the bring-your-own IP Virtual Network scenario. Because the Azure platform allow customers to define any private or customer address space, this resource must be a unique public IP address. It cannot be a private IP address as the address cannot be a duplicate of address space the customer defines.

The virtual public IP address is used in all regions, all sovereign clouds, and will not change. Therefore, it is recommended that this IP be allowed in any local firewall policies. It should not be considered a security risk as only the internal Azure platform can source a message from that address. Not doing so will result unexpected behavior in a variety of scenarios.