• Dana Epp

Pssst... wanna know all of Azure's Datacenter IP Ranges?


OK, it's not really a secret... but its amazing how many people say this stuff is hard to find. It's not. In fact, its in an XML file that Microsoft regularly publishes.


Microsoft Azure Datacenter IP Ranges (Commercial)

https://www.microsoft.com/en-us/download/details.aspx?id=41653


Microsoft Azure Datacenter IP Ranges (Government/Sovereign Cloud)

Can't share that here. However, if you have need for this, you can get it upon request. Simply open a case via the Azure Portal with your government subscription.


Office 365 URLs and IP address ranges

https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2


Office 365 US Government: Endpoints for US Federal and US Defense Clouds

https://support.office.com/en-us/article/Office-365-US-Government-Defense-endpoints-cbd2369c-fd96-464c-bf48-c99826b459ee?ui=en-US&rs=en-US&ad=US


What about this secret IP I keep seeing of 168.63.129.16?

It's not a secret. Microsoft uses this as a virtual public IP address that is used to facilitate a communication channel to internal platform resources for the bring-your-own IP Virtual Network scenario. Because the Azure platform allow customers to define any private or customer address space, this resource must be a unique public IP address. It cannot be a private IP address as the address cannot be a duplicate of address space the customer defines.


The virtual public IP address 168.63.129.16 is used in all regions, all sovereign clouds, and will not change. Therefore, it is recommended that this IP be allowed in any local firewall policies. It should not be considered a security risk as only the internal Azure platform can source a message from that address. Not doing so will result unexpected behavior in a variety of scenarios.

© 2020 by Dana Epp

  • White Twitter Icon
  • LinkedIn - White Circle