Share via

Geolocalization problems with /21s

Costa-Rica-01 0 Reputation points
2026-03-12T20:33:18.85+00:00

We are an ISP that recently acquired two /21 IP blocks:

  • One block was originally allocated by ARIN to a US-based carrier and later transferred to our organization. It is now registered under our ASN and correctly shows our country in ARIN's WHOIS.
  • The other block was acquired through a RIPE-registered IP broker and transferred to our organization in January 2026. It is correctly registered in RIPE's database under our organization with

the proper country code.

Despite both blocks being properly registered in their respective RIRs with our correct country and organization, Microsoft's geolocation database still maps them to the United States (the

previous owner's location).

This incorrect geolocation is causing issues with Microsoft services that rely on location data, such as Azure AD Conditional Access and Teams.

We would like to request a geolocation update for these prefixes. We can provide the specific AS number, IP blocks, and RIR registration details privately.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Raja Pothuraju 47,080 Reputation points Microsoft External Staff Moderator
    2026-04-09T13:00:20.9766667+00:00

    Hello @Costa-Rica-01,

    I have received an update from our engineering team that they have the IP address with correct location. Please check your sign-ins and let me know if it still shows incorrect location at your end.

    • Incorrect Location: United States, Utah, Lehi
    • Correct Location: Costa Rica, San Jose, San Jose

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    0 comments
  2. Q&A Assist
    2026-03-12T20:33:34.6366667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Microsoft Sentinel’s geolocation enrichment is based on Microsoft’s internal IP intelligence data, not directly on RIR WHOIS, so newly transferred prefixes can continue to resolve to the previous owner’s country until Microsoft’s data is updated.

    For services that use this geolocation (for example, Conditional Access decisions that depend on IP location), the only supported way to influence the result is to have Microsoft update the internal IP intelligence for the affected prefixes.

    The documented, product-level interface to that data is the Microsoft Sentinel Geolocation Data API, which exposes the current view of an IP’s location:

    GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/?ipaddress={ipAddress}&api-version={api-version}

    The response includes fields such as country, region, city, latitude, longitude, and organization, which reflect Microsoft’s current geolocation for that IP.

    To resolve the issue for the two /21 blocks:

    1. Use the Geolocation Data API for sample IPs in each /21
      • Call the API for several representative IPs from each prefix.
      • Confirm that country (and related fields) still show the United States.
    2. Open a support case with Microsoft
      • Because the IP-to-location mapping is maintained internally, corrections must be requested through Microsoft support.
      • In the support request, provide:
        • The affected prefixes (both /21s).
        • Your ASN.
        • RIR registration details (ARIN/RIPE records showing your organization and country).
        • Example IPs and the incorrect geolocation results from the Geolocation Data API.
      • Ask for an update of Microsoft’s IP intelligence/geo database for those prefixes so that services such as Entra ID Conditional Access and Teams reflect the correct country.
    3. Validate after Microsoft updates the data
      • Once Microsoft confirms the update, re-query the same IPs via the Geolocation Data API.
      • Verify that country and related fields now show your country instead of the United States.
      • After propagation, Conditional Access and other Microsoft services that rely on this data should begin using the corrected location.

    Note: The Geolocation Data API is rate-limited to 100 calls per user per hour, so testing should be done with a limited set of sample IPs.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.