Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Troubleshoot IP Geolocation Access in Microsoft Entra

  1. Last updated
  2. Save as PDF

When you access Azure through Skyhigh Security proxy IP addresses with Microsoft Entra Conditional Access, the connection may be blocked. Microsoft systems misidentify these proxy IPs (for example, 131.229.128.9/17) as located in the US/Texas. This incorrect geolocation conflicts with location-based Conditional Access policies and blocks legitimate sessions, with Azure logs showing Access has been blocked by Conditional Access policies error message. 

This issue occurs due to Microsoft’s inaccurate IP geolocation for Skyhigh Security proxy IP addresses. The mismatch between the reported and actual user region leads to Conditional Access policies blocking valid connections. 

To resolve blocked access, you can retrieve the Azure Correlation ID and collaborate with both Skyhigh Security Support and Microsoft to correct the IP localization. As a temporary workaround, you can review Entra policies to remove location restrictions for affected proxy IP addresses or contact Skyhigh Security Support to reroute traffic through known Points of Presence (PoPs).

Workaround

You can resolve blocked access by either modifying the Entra policy or working with Skyhigh Security Support to temporarily reroute traffic.

Modify the Entra Policy

You can review the Conditional Access policy and remove the Determine location by IP address restriction for the affected proxy IPs (131.229.128.9/17).

Contact Skyhigh Security Support for Temporary Rerouting

If modifying the Entra policy is not possible, contact Skyhigh Security Support and open a Microsoft ticket to temporarily reroute traffic through known Points of Presence (PoPs).

Solution

Follow the steps below to resolve the blocked access:

  1. Retrieve the Azure Correlation ID  for the blocked access.
  2. Open a support ticket with Skyhigh Security Support and provide:
    1. The Azure Correlation ID.
    2. Details of the user’s Azure account for collaborative resolution.
  3. Open a Microsoft support ticket (if requested by Skyhigh Security Support) and:
    1. Request correction of the IP localization to the accurate country for the impacted IP address only.
    2. Provide the Azure Correlation ID.
    3. Share the Microsoft ticket reference with Skyhigh Security Support.

NOTE: Skyhigh recommends opening individual tickets for each impacted IP address or user case with Microsoft. 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.