Check and Fix ATTIC Named Location [CHK-1107]
This check ensures the "[ATTIC] hosts" named location in Azure AD exists and is correctly configured with the required IP addresses for proper access control.
Rationale
The "[ATTIC] hosts" named location is crucial for Attic Security's access to your environment. If access is blocked, Attic cannot function. Therefore, exceptions sometimes need to be made in Conditional Access for Attic's IP addresses, which are best managed using Named Locations.
Fix
An automated fix is available through Attic. This will be performed automatically on your environment since the change has no effect on your configuration. A ticket will be created but will be closed almost immediately.
To fix it yourself:
If the "[ATTIC] hosts" named location does not exist in Azure AD:
- Navigate to Azure Portal > Conditional Access > Manage > Named locations
- Create a new named location with the exact name "[ATTIC] hosts"
- Add the IP addresses: 95.217.146.238/32, 136.243.149.95/32, 148.251.165.193/32
- Mark it as a trusted location
If the "[ATTIC] hosts" named location exists but is missing IP addresses:
- Navigate to Azure Portal > Conditional Access > Manage > Named locations
- Edit the "[ATTIC] hosts" named location
- Add the missing IP address(es)
- Ensure the location remains marked as trusted
Impact
After the fix, the "[ATTIC] hosts" named location will be correctly configured, ensuring Attic Security has appropriate access to your Microsoft tenant. This centralizes ATTIC IP addresses in a managed location, improving security and simplifying access management.