Restrict access to SPO based on IP

Happy new year!

If you need to restrict the access to SPO to a range of predefined IP’s/subnets, it is possible to do it by using the following PowerShell command:

Set-SPOTenant -IPAddressEnforcement $true -IPAddressAllowList

So, when the user of the designated range, try to access, will receive an error message

That’s all!


4 thoughts on “Restrict access to SPO based on IP

  1. Can we use different IP address lists for different sites within the same tenant? For example, one list for and another list for


    1. By IP… I think that this is much complicated… And the easy answer is no. The difficult answer would be yes, but with some “but” in in. First you will need to configure the app restriction in the admin center,, configure by PS the SC that you want to restrict, and finally use the CA to complete the solution. There is a bunch of things that first you will need to consider.


  2. Have you tried this cmdlet personally and found it worked? I tried t this one and also multiple other combination only to get the below error

    You are setting IPAddressEnforcement to true, but the allow list of IPAddresses is empty. Please set it using the IPAddressAllowList parameter

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s