Happy new year!
If you need to restrict the access to SPO to a range of predefined IP’s/subnets, it is possible to do it by using the following PowerShell command:
Set-SPOTenant -IPAddressEnforcement $true -IPAddressAllowList 130.10.1.0/20
So, when the user of the designated range, try to access, will receive an error message
That’s all!
Albandrod's Memory 
Can we use different IP address lists for different sites within the same tenant? For example, one list for x.sharepoint.com/sites/y and another list for x.sharepoint.com/sites/z?
LikeLike
By IP… I think that this is much complicated… And the easy answer is no. The difficult answer would be yes, but with some “but” in in. First you will need to configure the app restriction in the admin center,, configure by PS the SC that you want to restrict, and finally use the CA to complete the solution. There is a bunch of things that first you will need to consider.
LikeLike
Have you tried this cmdlet personally and found it worked? I tried t this one and also multiple other combination only to get the below error
You are setting IPAddressEnforcement to true, but the allow list of IPAddresses is empty. Please set it using the IPAddressAllowList parameter
LikeLiked by 1 person
Hi Veera, check out the link: https://docs.microsoft.com/es-es/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps
LikeLike