How to use the What If tool to check Azure AD conditional access policies

Modified on Wed, 06 Jul 2022 at 02:49 AM

This article covers how to use the What If tool to identify any policies that might be blocking access to CoreView service accounts.


Overview 

Using the What If tool you can easily identify any the policy that is currently blocking the access of our service accounts (coreview.reports<randomicnumber>@<onmicrosoft domain>) or our management user (4ward365.admin@<onmicrosoft domain>). 

You can find the What If tool on the Conditional Access - Policies page in the Azure portal. (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ConditionalAccessBlade/Policies) 

 

How to use the What If tool: 

1. To start the tool, in the toolbar on top of the list of policies, click What If. 


ShapeGraphical user interface, text, application, email 
Description automatically generated 


2. In the User field type, expand the user or workload identity section, select User and select from     the list one of our accounts (i.e. coreview.reports<randomicnumber>@<onmicrosoft         domain>): 


Graphical user interface, text, application 
Description automatically generated 

 

In the IP address field enter one of the following addresses, and in the location field choose the information appropriate for your location.   

For the Europe Data center, choose 'Ireland' and refer to the following IP addresses  

Azure CCC (EU)         

  • 52.178.220.169 
  • 13.79.166.132 
  • 52.164.205.60 
  • 40.69.61.123 
  • 191.239.215.199 
  • 20.191.46.79

For the USA Data center, choose 'Virginia' and refer to the following IP addresses  

Azure CCC (US East)  

    

  • 52.225.217.154
  • 104.209.147.75 
  • 40.70.44.94 
  • 137.116.90.35 
  • 52.225.222.18 
  • 40.65.233.115  

For the Canadian Data Center, choose 'Quebec City' and refer to the following IP addresses  

Azure CCC (Canada East) 

  • 52.229.116.78 
  • 40.69.100.107 
  • 52.242.35.38 
  • 52.242.126.90 
  • 52.235.47.42 
  • 52.155.24.77

For the GOV Data center, choose 'Virginia' and refer to the following IP addresses  

Azure GCC (US East)  

  • 13.72.21.184 
  • 52.247.175.28 
  • 13.72.21.53 
  • 52.227.221.240

 

Click on What If button and let us know what the evaluation results are. 

Graphical user interface, text, application, email, Teams 
Description automatically generated 


Refer to the following article for more details:  

 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us how can we improve this article!

Select atleast one of the reasons

Feedback sent

We apprciate your effort and will try to fix the article