This article shows how to proceed if you are getting a “Blocked by conditional access” message due to the location condition in your Microsoft Entra ID (formerly known as Azure Active Directory). The location condition is the most common condition and enables you to tie access controls to the network locations of your users.
The error can occur when setting up a DocumentsCorePack or AttachmentExtractor service, indicating that we cannot access your Dynamics 365 instance due to the conditional access settings in your Microsoft Entra ID:
Figure 1: Error message: Blocked conditional access
How to fix?
To avoid this error, you will need to whitelist the IP ranges of the mscrm-addons.com services so that our service can connect to your Dynamics 365 instance:
- Configuration Website (Mandatory): Required to use our online service configuration to deploy and configure our solutions. We have different regions in place, and you are automatically redirected to one of them based on your location. Note: You will need to whitelist all IPs of the corresponding region.
- Europe & Africa (default)
- Customer location: Europe, Africa
- IPs to whitelist (mandatory after 30th June 2024): 52.236.18.167
- IPs to whitelist (mandatory until 30th June 2024): 168.63.53.239, 168.63.54.28, 168.63.55.25, 168.63.53.163, 168.63.54.173, 168.63.53.240, 168.63.54.122, 168.63.54.38
- North, Central & South America:
- Customer location: United States, Canada, Mexico, Argentina, Barbados, Bolivia, Brazil, Bahamas, Chile, Colombia, Costa Rica, Ecuador, Guatemala, Nicaragua, Panama, Peru, Puerto Rico, Paraguay
- IPs to whitelist (mandatory after 30th June 2024): 172.171.90.48
- IPs to whitelist (mandatory until 30th June 2024): 20.81.69.75, 20.81.69.89, 20.81.69.92, 20.81.69.103, 20.81.69.104, 20.81.69.108, 20.81.69.119, 20.81.69.148, 20.81.68.204, 20.81.69.150, 20.81.69.165, 20.81.69.169, 20.81.69.171, 20.81.69.172, 20.81.69.179, 20.81.69.193, 20.81.69.239, 20.81.69.251, 20.81.70.21, 20.81.69.41, 20.81.70.35, 20.81.70.45, 20.81.70.58, 20.81.70.79, 20.81.70.82, 20.81.70.102, 20.81.70.107, 20.81.70.115, 20.81.70.163, 20.81.64.156, 20.49.104.43
- Australia, Asia & Middle East
- Customer location: Australia, New Zealand, Bahrain, China, United Arab Emirates (UAE), India, Indonesia, Israel, Japan, Jordan, Cambodia, Qatar, Kuwait, Lebanon, Malaysia, Philippines, Saudi Arabia, Singapore, South Korea, Thailand, Vietnam
- IPs to whitelist (mandatory after 30th June 2024): 4.196.24.184
- IPs to whitelist (mandatory until 30th June 2024): 20.211.143.16, 20.211.143.37, 20.211.138.74, 20.211.137.49, 20.211.137.176, 20.227.40.122, 20.227.40.150, 20.227.40.172, 20.227.40.201, 20.227.41.65, 20.227.41.121, 20.92.132.139, 20.227.41.187, 20.227.42.4, 20.227.42.47, 20.227.42.94, 20.227.42.100, 20.227.42.189, 20.227.42.231, 20.227.42.241, 20.227.43.52, 20.211.141.120, 20.227.43.68, 20.227.43.190, 20.227.43.249, 20.53.191.2, 20.227.44.15, 20.227.44.171, 20.227.44.214, 20.227.44.242, 20.211.64.14
- DocumentsCorePack service location: When setting up a DocumentsCorePack Service you can choose the data center it should be hosted in. The IP Address of the corresponding data center needs to be added (How to find the data center of my service?)
- UK Public: 20.0.231.52
- UK Public 2: 172.167.160.161
- UK South: 52.151.73.217
- UK West: 51.104.60.28
- EU North Public2: 40.115.109.232
- EU North Live1: 52.164.188.105
- EU North Live5: 40.113.90.52
- EU North Live8: 23.102.16.148
- EU North Live2: 168.63.74.175
- EU West Live1: 104.214.237.148
- EU West Live2: 40.74.52.6
- EU West Live3: 52.174.69.125
- EU West Live6: 40.68.253.71
- EU West Public: 20.126.75.194
- US Central: 40.69.141.181
- US East2: 52.167.112.212
- US West2: 13.91.55.23
- South Central US: 23.102.182.180
- ASIA South East: 168.63.252.233
- Australia East: 13.73.199.37
- Australia Central: 20.36.33.201
- EU Germany Public: 20.52.152.52
- AttachmentExtractor service location: When setting up an AttachmentExtractor Service you can choose the data center it should be hosted in. The IP address of the corresponding data center needs to be added (How to find the data center of my service?)
- Australia East: 52.237.244.222
- North Europe: 13.74.177.65
- East US: 40.76.16.172
- US Central: 40.69.141.181
- UK South: 52.151.73.217
- UK West: 51.137.131.200
- DocumentsCorePack Power Platform connector: If you plan to use our connector for PowerApps and PowerAutomate, you will need to whitelist the following IPs:
- Mandatory for using the v4 of our Connector and after 30th June 2024:
- Europe & Africa: 20.13.198.111, 52.236.16.36
- North, Central & South America: 20.185.49.237, 20.185.50.205
- Australia, Asia & Middle East: 20.191.250.31, 20.191.250.65
- Mandatory until 30th of June 2024:
- 13.69.228.10
- 52.164.222.21
- 52.164.220.227
- 52.164.217.107
- 52.164.217.78
- 52.164.217.56
- 52.164.220.102
- 52.169.151.169
- 52.164.217.164
- 104.41.230.241
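
As an added example (not mscrm-addons.com code), the script below builds the request body for a Microsoft Graph `ipNamedLocation` from addresses listed on this page, restricted to one deployment and dropping a legacy address once the 30th June 2024 cutoff has passed. The chosen deployment (Europe & Africa region, UK South services, v4 connector), the display name and the function name are assumptions of the example.

```python
import ipaddress
import json
from datetime import date

CUTOFF = date(2024, 6, 30)  # switch-over date stated on this page

# (address, last valid day or None). Addresses are copied from this page for one
# assumed deployment: Europe & Africa region, UK South services, v4 connector.
ENTRIES = [
    ("52.236.18.167", None),   # Configuration Website, Europe & Africa
    ("52.151.73.217", None),   # DocumentsCorePack service, UK South
    ("52.151.73.217", None),   # AttachmentExtractor service, UK South (same IP)
    ("20.13.198.111", None),   # Power Platform connector v4, Europe & Africa
    ("52.236.16.36", None),    # Power Platform connector v4, Europe & Africa
    ("13.69.228.10", CUTOFF),  # legacy connector address, valid until the cutoff
]


def build_named_location(display_name, entries, today):
    """Return a Graph ipNamedLocation body holding only addresses valid today."""
    cidrs = []
    for ip, last_day in entries:
        if last_day is not None and today > last_day:
            continue  # expired legacy address: keep it out of the allowlist
        addr = ipaddress.ip_address(ip)  # ValueError on a mistyped address
        if addr.version != 4 or not addr.is_global:
            raise ValueError(f"not a public IPv4 address: {ip}")
        cidr = f"{addr}/32"  # single host, never a wider range
        if cidr not in cidrs:
            cidrs.append(cidr)
    return {
        "@odata.type": "#microsoft.graph.ipNamedLocation",
        "displayName": display_name,
        # Assumption of this example: the location is not marked trusted; the
        # policy's location condition selects it by name instead.
        "isTrusted": False,
        "ipRanges": [
            {"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": c}
            for c in cidrs
        ],
    }


if __name__ == "__main__":
    body = build_named_location("mscrm-addons services", ENTRIES, date.today())
    print(json.dumps(body, indent=2))
```

The printed JSON is the body for a POST to the Graph endpoint `/identity/conditionalAccess/namedLocations`; listing only the region and data centers actually in use keeps the exception as narrow as the page's lists allow.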
That’s it! We appreciate your feedback! Please share your thoughts by sending an email to support@mscrm-addons.com.