
Azure AD B2C: Policy IP Addresses to Allow Access to Custom Policy HTML Templates

We are using Azure AD B2C (still in preview) to authenticate customers to our application.

We are going to use custom HTML templates for our sign-in experience and sign-up (gives us more power over format and links outside of MS content).

Since our development environment is on a restricted network, the Systems Engineers would like to restrict access to those resources to a range or set of IP Addresses.

We could just monitor traffic while we test, and then add those IPs we see, but it would be nice if there were a list somewhere (I've looked, but I can't find anything).

At the very least and regardless, we will end up restricting access from outside the network to just those specific files.

Does Microsoft provide that range of IP addresses that will be requesting the content?

Pytry asked Jan 24 '26 18:01


1 Answer

As it turns out, I was misunderstanding how the templates work. Microsoft uses JavaScript to download the custom template, so it's actually the user's browser that retrieves the content and not Azure servers. This is why you need to enable CORS in your application.

The solution is to simply allow access to login.onmicrosoft.com from the DEV and TEST environments so that users can be redirected to the sign-in and sign-up pages/policies. Access to your environments does not need to be given to any Microsoft servers.

For those interested in seeing the ranges anyways, I found the following file by searching for "ip addresses used by azure": https://www.microsoft.com/en-us/download/details.aspx?id=41653

Pytry answered Jan 26 '26 10:01
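Because the browser fetches the template, the template host's access decision rests on two request properties: the client IP of the user's machine and the `Origin` header sent by the sign-in page. The sketch below is an added example, not part of the original question or answer. The function names and the CIDR range are hypothetical, and the allowed origin is the sign-in host the answer names, to be confirmed against the `Origin` header your browser actually sends.

```javascript
// Assumptions (not from the original post): INTERNAL_CIDRS is a constructed
// range, and ALLOWED_ORIGINS holds the sign-in host named in the answer.
const ALLOWED_ORIGINS = new Set(['https://login.onmicrosoft.com']);
const INTERNAL_CIDRS = ['10.20.0.0/16'];

// Convert a dotted-quad IPv4 string to an unsigned integer, or null if invalid.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip falls inside cidr (IPv4 only). Uses division instead of
// bit shifts so addresses above 127.255.255.255 do not go negative.
function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const ipN = ipv4ToInt(ip);
  const baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null) return false;
  const size = 2 ** (32 - Number(bitsStr));
  return Math.floor(ipN / size) === Math.floor(baseN / size);
}

// Decide how the template host answers one request.
// clientIp is the browser's address: the browser, not Azure, fetches the file.
function decide(clientIp, origin) {
  if (!INTERNAL_CIDRS.some((c) => inCidr(clientIp, c))) {
    return { status: 403, headers: {} };
  }
  const headers = { Vary: 'Origin' };
  // Echo only an allow-listed origin; never '*' and never reflect blindly.
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Methods'] = 'GET, OPTIONS';
  }
  return { status: 200, headers };
}
```

A request from inside the range with an unlisted origin still gets a 200 but no CORS header, so the browser refuses to hand the response to the calling script.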


