Group your IP addresses to simplify management in Office 365 Cloud App Security

Evaluation > Planning > Deployment > Utilization
Start evaluating
Start planning
You are here!
Next steps
Start utilizing

To easily identify sets of IP addresses that you'll use in Office 365 Cloud App Security, such as your physical office IP addresses, you can set up groups of IP address ranges. Defining these ranges lets you tag and categorize them, and then you can use tags and categories to customize how your activity logs and alerts are displayed and investigated.

Each group of IP ranges can be tagged with tag names that you choose, and then the tags can be categorized based on a default list of IP categories (such as Corporate, Administrative, Risky, and VPN). Both IPv4 and IPv6 addresses are supported.


You must be a global administrator or security administrator to perform the procedures in this article. To learn more, see Permissions in the Office 365 Security & Compliance Center.

To set up an IP address range in Office 365 Cloud App Security

  1. As a global administrator or security administrator, go to the Cloud App Security portal ( and sign in.

  2. On the upper right of the page, click Settings > IP address ranges.
    In O365 Cloud App Security, choose Settings to access your system and data settings

  3. Click the new button, which resembles a plus sign ( +).

  4. In the New IP address range window, specify the following values:

Field or list What to do
Use this field to manage your IP address range and settings. (You won't see this value in activities logs.)
IP address ranges
Specify a range, using network prefix notation (also known as CIDR notation). For example, includes the range of values through (inclusive).
Location and Registered ISP
Specify the location and Internet Service Provider (ISP) for the IP address range. This overrides the public fields defined for the addresses, which is helpful for cases, such as an IP address is that is considered publicly to be in Ireland but is actually in the U.S.
Use tags to name your groups of IP addresses. (Unlike the Name field, you will see Tags in activity logs.) Type a word or phrase that you want to use for a tag. You can add as many tags as you like for each IP address range. And if you've already set up a tag and you want to add this IP address range to it, choose it from the list of current tags that appear as you start typing.
Assign categories to your tags to make it easier to recognize activities that come from certain IP addresses. Choose from the following options:
Administrative All of the IP addresses of your admins.
Cloud provider The IP address of your proxy in the cloud.
Corporate All of the IP addresses in your internal network, your branch offices, and your Wi-Fi roaming addresses.
Risky Any IP addresses that you consider to be risky, such as suspicious IP addresses you've seen in the past, IP addresses in your competitors' networks, and so on. By default, the Risky categories includes two IP tags: Anonymous proxy and Tor
VPN Any IP addresses that your remote workers use.
  1. Choose Save.

After you set up your IP address ranges, keep in mind that only future events are affected by these changes.

Next steps