Office 365 Advanced Security Management is now Office 365 Cloud App Security.
To easily identify sets of IP addresses that you'll use in Office 365 Cloud App Security, such as your physical office IP addresses, you can set up groups of IP address ranges. Defining these ranges lets you tag and categorize them, and then you can use tags and categories to customize how your activity logs and alerts are displayed and investigated.
Each group of IP ranges can be tagged with tag names that you choose, and then the tags can be categorized based on a default list of IP categories (such as Corporate, Administrative, Risky, and VPN). Both IPv4 and IPv6 addresses are supported.
You must be a global administrator or security administrator to perform the procedures in this article.
Tip: Office 365 Cloud App Security is available in Office 365 Enterprise E5 or as an add-on for another Office 365 Enterprise subscription. To view or add to your subscription, as a global admin, sign in to Office 365, and then choose Admin > Billing. For more information about plan options, see Compare All Office 365 for Business Plans.
To set up an IP address range in Office 365 Cloud App Security
As a global administrator or security administrator, go to https://protection.office.com and sign in using your work or school account. (This takes you to the Security & Compliance Center.)
In the Security & Compliance Center, choose Alerts > Manage advanced alerts.
Choose Go to Office 365 Cloud App Security.
On the upper right of the page, click Settings > IP address ranges.
Click the new button, which resembles a plus sign (+).
In the New IP address range window, specify the following values:
Field or list
What to do
Use this field to manage your IP address range and settings. (You won't see this value in activities logs.)
IP address ranges
Specify a range, using network prefix notation (also known as CIDR notation). For example, 192.168.1.0/27 includes the range of values 192.168.1.0 through 192.168.1.31 (inclusive).
Location and Registered ISP
Specify the location and Internet Service Provider (ISP) for the IP address range. This overrides the public fields defined for the addresses, which is helpful for cases, such as an IP address is that is considered publicly to be in Ireland but is actually in the U.S.
Use tags to name your groups of IP addresses. (Unlike the Name field, you will see Tags in activity logs.) Type a word or phrase that you want to use for a tag. You can add as many tags as you like for each IP address range. And if you've already set up a tag and you want to add this IP address range to it, choose it from the list of current tags that appear as you start typing.
Assign categories to your tags to make it easier to recognize activities that come from certain IP addresses. Choose from the following options:
Administrative All of the IP addresses of your admins.
Cloud provider The IP address of your proxy in the cloud.
Corporate All of the IP addresses in your internal network, your branch offices, and your Wi-Fi roaming addresses.
Risky Any IP addresses that you consider to be risky, such as suspicious IP addresses you've seen in the past, IP addresses in your competitors' networks, and so on. By default, the Risky categories includes two IP tags: Anonymous proxy and Tor
VPN Any IP addresses that your remote workers use.
After you set up your IP address ranges, keep in mind that only future events are affected by these changes.
To create policies based on activity, click here.
To create policies based on detecting anomalies, click here.
To see alerts and take actions, click here.