Hey there! I'm looking into a way to block Tor exit nodes for our corporate devices using conditional access in Entra. My setup includes Defender XDR and Applocker, managed via Intune, but I run into issues with personal devices accessing Office 365 since they aren't covered by our current security measures. I found that Tor exit node lists are publicly available, although the IPv6 list isn't directly from the Tor Project. I scripted updates through Azure Automation to pull both IPv4 and IPv6 lists and ensure they're current. The script wipes existing CIDRs each time to keep everything up to date, and it uses a managed identity to interact with Microsoft Graph. Just wondering if anyone has thoughts on this approach or potential pitfalls I should consider?
1 Answer
Just a heads up! While you've done solid work, keep in mind that there are private Tor exit nodes that might not show up in your lists. Attackers could use these or could jump from other devices in the country that aren't using Tor. Don’t rely solely on this as a security measure; it's part of a larger strategy.
Exactly! Security layers are key. I also wonder about the sanitation of the IPs in your script. It checks for their validity technically, but it's worth looking into how it handles invalid or problematic entries. Always room for improvement!

Totally agree! It's like relying on just a cheap lock to deter thieves. It might help with some but not all threats. Just don't rely on it too heavily!
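The validation step raised in the comments above, written out as an added example of the sanitization pass such a runbook could do before touching Graph (this is not the poster's script). It assumes constructed placeholder list entries, a check that drops unparseable and non-global entries (so a bad line can never block internal or loopback ranges), normalization of single addresses to /32 or /128, de-duplication, and building the `ipNamedLocation` body with the IPv4 and IPv6 CIDR range types that the Microsoft Graph named locations API expects; the actual download and the managed-identity PATCH are left out so it runs offline.

```python
import ipaddress

# Constructed sample of what a downloaded exit-node list might look like:
# a comment line, valid IPv4/IPv6 entries, junk, an RFC 1918 address,
# a duplicate, an entry with a prefix, and an impossible prefix length.
# These are placeholder values, not real exit nodes.
SAMPLE_LIST = """\
# ExitNode list (constructed sample)
5.6.7.8
2a02:1234:5678::1
not-an-ip
10.0.0.5
5.6.7.8
5.6.8.0/24
5.6.7.10/33
"""

def sanitize_exit_list(text):
    """Return (cidrs, rejected): canonical CIDR strings safe to push to an
    ipNamedLocation, and the dropped lines paired with a reason."""
    cidrs, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=False tolerates host bits; a bare IP becomes /32 or /128
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append((line, "unparseable"))
            continue
        if not net.is_global:
            # private, loopback, link-local etc. would lock out internal users
            rejected.append((line, "not a global address"))
            continue
        cidr = net.with_prefixlen
        if cidr not in seen:
            seen.add(cidr)
            cidrs.append(cidr)
    return cidrs, rejected

def build_named_location_body(display_name, cidrs):
    """Body for POST/PATCH on /identity/conditionalAccess/namedLocations.
    The full ipRanges collection is sent every run, matching the
    wipe-and-reload approach described in the question."""
    ranges = []
    for cidr in cidrs:
        is_v6 = ipaddress.ip_network(cidr).version == 6
        ranges.append({
            "@odata.type": "#microsoft.graph.iPv6CidrRange" if is_v6
                           else "#microsoft.graph.iPv4CidrRange",
            "cidrAddress": cidr,
        })
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": display_name, "isTrusted": False,
            "ipRanges": ranges}
```

Logging the `rejected` list from the runbook gives an audit trail of exactly which upstream lines were discarded and why, which is what makes silent list corruption visible.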