Restrict access to SPO based on IP

Posted by

Happy new year!

If you need to restrict the access to SPO to a range of predefined IP’s/subnets, it is possible to do it by using the following PowerShell command:

Set-SPOTenant -IPAddressEnforcement $true -IPAddressAllowList

So, when the user of the designated range, try to access, will receive an error message

That’s all!


  1. Can we use different IP address lists for different sites within the same tenant? For example, one list for and another list for


    1. By IP… I think that this is much complicated… And the easy answer is no. The difficult answer would be yes, but with some “but” in in. First you will need to configure the app restriction in the admin center,, configure by PS the SC that you want to restrict, and finally use the CA to complete the solution. There is a bunch of things that first you will need to consider.


Leave a Reply to albandrod Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s