How to use the “What If” tool to check Azure AD conditional access policies

  • Last update on September 15th, 2023

By using the What If tool you can easily identify any the policy that is currently blocking the access of our service accounts:

coreview.reports<randomicnumber>@<onmicrosoft domain>

or our management user:

 4ward365.admin@<onmicrosoft domain>

You can find the What If tool on the “Conditional Access - Policies” page in the Azure portal.

How to use the What If tool:

Step 1

To start the tool, in the toolbar on top of the list of policies, click “What If”. 

Step 2

In the User field type, expand the user or workload identity section, select User and select from the list one of our accounts (i.e. coreview.reports<randomicnumber>@<onmicrosoft domain>): 

  • In the IP address field: enter one of the addresses. Refer to the “List of IP addresses” for the IP addresses of each data center.
  • In the location field: choose the information appropriate for your location
For the… Choose… IP addresses
Europe Data center Ireland Azure CCC (EU)
USA Data center Virginia Azure CCC (US East)
Canadian Data Center Quebec City Azure CCC (Canada East)
GOV Data center Virginia Azure CCC (US East)
Australian Data center New South Wales Azure AUS (Australia)

List of IP addresses

Data centers and IPs

Europe: North Europe - Ireland
US: East US - Virginia
Canada: Canada East - Quebec
Government: US Gov Virginia - Virginia
Australia: Australia East - New South Wales

Click on “What If” button and let us know what the evaluation results are. 

Refer to the Microsoft documentation for more details.