I've been analyzing the sign-in logs for users accessing Exchange Online from a specific shared office location. Rather than seeing a consistent public IP address that I could use for establishing a trusted location in our Conditional Access policies, I'm noticing that every device is displaying a unique IP address. Interestingly, this public IP does not match what the device shows locally and isn't the same as what's revealed through web IP checks. I'm curious about what network topologies might lead to this behavior when connecting to services like Exchange Online.
1 Answer
It sounds like NAT or proxies could be playing a role here. Typically, you'd expect a shared public IP if those devices were behind the same NAT or proxy. However, if the sign-in logs show unique IPs but they fall within a narrow range, it could be indicative of a shared IP pool.
But shouldn't a NAT or proxy result in a shared public IP? The fact that these have different IPs means they might be coming from a limited range.
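Added example, not part of the original posts: one way to test the shared-pool idea from the answer against exported sign-in rows, by bucketing the observed IPs and reporting the tightest CIDR that covers each bucket used by several users. The sample rows, bucket sizes, `min_users` threshold and function names are assumptions made for illustration; the addresses come from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows (user, ip) standing in for a sign-in log export;
# the addresses are documentation ranges, not real data.
SAMPLE_SIGNINS = [
    ("alice@example.com", "203.0.113.17"),
    ("bob@example.com", "203.0.113.21"),
    ("carol@example.com", "203.0.113.29"),
    ("alice@example.com", "203.0.113.18"),
    ("dave@example.com", "198.51.100.9"),
]


def tightest_cover(addrs):
    """Smallest single network containing every address (all one IP version)."""
    addrs = sorted(addrs)
    lo, hi = int(addrs[0]), int(addrs[-1])
    # Host bits needed = position of the highest bit where lowest and highest differ.
    prefix = addrs[0].max_prefixlen - (lo ^ hi).bit_length()
    return ipaddress.ip_network(f"{addrs[0]}/{prefix}", strict=False)


def candidate_ranges(signins, v4_bucket=24, v6_bucket=64, min_users=2):
    """Return [(network, distinct_ips, distinct_users)] for shared buckets.

    IPs are grouped by a coarse bucket (assumed /24 for IPv4, /64 for IPv6);
    buckets seen for fewer than min_users users are dropped as likely one-offs.
    """
    buckets = defaultdict(lambda: (set(), set()))
    for user, ip_text in signins:
        ip = ipaddress.ip_address(ip_text)
        size = v4_bucket if ip.version == 4 else v6_bucket
        key = ipaddress.ip_network(f"{ip}/{size}", strict=False)
        buckets[key][0].add(ip)
        buckets[key][1].add(user)
    results = []
    for key in sorted(buckets, key=lambda n: (n.version, int(n.network_address))):
        ips, users = buckets[key]
        if len(users) >= min_users:
            results.append((tightest_cover(ips), len(ips), len(users)))
    return results


if __name__ == "__main__":
    for net, ip_count, user_count in candidate_ranges(SAMPLE_SIGNINS):
        print(f"{net}: {ip_count} distinct IPs across {user_count} users")
```

A range this reports is only a candidate: confirm it with whoever operates the office network before using it as a trusted location, since anyone else egressing through the same pool would inherit that trust.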