Group your IP addresses to simplify management in Advanced Security Management 

To easily identify sets of IP addresses that you'll use in Office 365 Advanced Security Management, such as your physical office IP addresses, you can set up groups of IP address ranges. Defining these ranges lets you tag and categorize them, and then you can use them to customize the way logs and alerts are displayed and investigated.

Each group of IP ranges can be tagged with whatever tag names you want to use, and then the tags can be categorized based on a default list of IP categories that is included (such as Internal or Risky). Both IPv4 and IPv6 addresses are supported.

To set up an IP address range in Advanced Security Management in the Security & Compliance Center:

  1. Choose Alerts > Manage advanced alerts. On the upper right of the page, click Settings settings icon and select IP address ranges.

    Manage advanced alerts
  2. In the IP address ranges window click+Add IP address range.

    IP address ranges
  3. In the New IP address range window, set the following values:

    New IP address range

New IP address range settings

  • Name This is just to manage your IP address range and its settings. It doesn't appear in the activities log. You'll use the tag name there.

  • IP address range Enter a range that you want to use, and then choose the "+" option. You can enter as many IP addresses and subnets as you like. The format to use is network prefix notations (also known as CIDR notation: for example, That range includes all of the values (inclusive) from through

  • Location and Registered ISP Use these to set a specific location and ISP for the IP address range. This will override the public fields defined for the addresses. That can be useful if, for example, an IP address is considered publicly to be in Ireland but you know it's actually in the U.S.

  • Tags Here's where you name the group of IP addresses, to use when sorting and finding items in the activities log, for example. Just type in a word that you want to use for a tag, and it will be created. You can add as many tags as you like for each IP address range. And if you've already set up a tag and you want to add this IP address range to it, choose it from the list of current tags that will show up as you start typing.

  • Category You categorize your tags to make it easier to recognize activities that come from interesting IP addresses. The categories are provided for you, but you choose which tags and their associated IP addresses are included in each category. There's one exception: The Risky category already includes two IP tags, Anonymous proxy and Tor.

    Here are the categories you can choose from, along with suggestions for the IP address ranges to include in them:

    • Administrative All of the IP addresses of your admins.

    • Internal All of the IP addresses in your internal network, your branch offices, and your Wi-Fi roaming addresses.

    • Risky Any IP addresses that you consider to be risky. For example, suspicious IP addresses you've seen in the past, IP addresses in your competitors' networks, and so on.

    • VPN Any IP addresses that your remote workers use.

    • Cloud proxy The IP address of your proxy in the cloud.

Tip: The category No value includes all activities that have no IP address data.

When you've added all the information, click Create to set up the IP address range group with the values you've chosen.

Related topics

Advanced Security Management (help and how-to)

Connect with an expert
Contact us
Expand your skills
Explore training

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.