Microsoft Security | Microsoft Entra | Microsoft Entra Private Access
Providing secure, identity-based access to private apps and resources without traditional VPNs
Global Secure Access geo-localization issue
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 57.99999999999999%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Regano Giuseppe
0
Reputation points
Hello, in our company we have an issue with Global Secure Access client.
We have observed that starting from 12/11/2025, for some users, the Entra ID sign-in logs display IP addresses belonging to Microsoft’s internal backbone network instead of the actual public IPs of the users’ ISPs. This behavior leads to incorrect geo-location resolution, as the sign-ins appear to originate from locations outside Italy (specifically Marseille, France).
As a result, Conditional Access policies configured to restrict sign-ins to Italy only are being triggered incorrectly, blocking legitimate user access.
The issue seems intermittent and primarily affects connections where the traffic is routed through Microsoft’s network infrastructure before reaching the authentication endpoints.
We expected that user sign-ins should display the actual public IP address of the originating network (e.g., the user’s ISP or corporate network), ensuring correct country detection and reliable enforcement of Conditional Access policies.
We didn't changed anyhting on network/systems side.
Does Microsoft changed anything?
Microsoft Security | Microsoft Entra | Microsoft Entra Private Access
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 85%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
VEMULA SRISAI 3,090 Reputation points Microsoft External Staff Moderator2025-11-21T05:02:24.8033333+00:00 Hello Regano Giuseppe,
Based on your description, I understand that the IP address geo-location in your Entra ID sign-in logs is incorrectly displaying, which is impacting Conditional Access policies.
It appears that the IP address is currently flagged with an incorrect location in Microsoft’s geolocation database. I’ll need to check with our engineering team to update the IP address geolocation to the correct country.
For this, please share the following details with me via private message:
The IP address shown in the sign-in logs
The failure correlation ID from the affected sign-in events
Your tenant ID
Sign in to comment
Sign in to answer