Summary Overview
For those customers who would like to further improve their security, we are able to restrict access to the Mercury Support account used to log into Customer Environments.
After Mercury has added the access restriction on its side, connections to Customer URLs made through Mercury Support accounts will appear to come from a specific IP address.
Using Conditional Access, the customer can then block logins for the Mercury Support account from all sources and whitelist that IP address as an exception.
Once happy to proceed, the customer can follow the steps below; afterwards, only that IP address should be able to log in to the customer's tenancy via the Mercury Support account for support purposes.
Prerequisites
As Mercury needs to make a configuration change on its side first, customers should contact their Mercury Customer Success Manager to arrange it.
The steps below should only be carried out by your organisation's System Administrator or an experienced IT professional.
IP addresses that you will need to add
1. Go to this article - Mercury IP ranges for whitelisting - to see the list of IP addresses. These are the addresses you will need to add to the Conditional Access Policy.
2. Look for the IPs listed under the names Mercury Technical Staff and Mercury Head Office.
Step-by-Step Instructions
Creating the Conditional Access Policy
1. Navigate to Microsoft Entra ID > Security > Conditional Access > Named Locations
2. Add the IPs to a named location record called Mercury Support (or something relevant).
Entra expects CIDR notation, so a single address needs a /32 suffix; tick Mark as trusted location.
3. Navigate to Policies under Conditional Access.
4. Click +New Policy.
5. Under Assignment > Users, select the Mercury Support user.
6. Under Target Resources select All resources.
7. Under Conditions select Locations and then select the one created earlier.
8. Under Access Controls select Grant Access.
9. Under Enable policy, Report-only is recommended for a short time to check that the policy behaves as expected (report-only evaluates sign-ins but does not enforce the policy).
If the policy is working as expected, the customer can then switch it to On.
That's it! You have now set up a Conditional Access Policy that restricts Mercury Support account access from all sources except the IP addresses provided above.
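The same restriction built with the Microsoft Graph PowerShell SDK, as an added example rather than part of the original article: it follows the block-by-location pattern from the Microsoft documentation referenced below (all locations in scope, the Mercury named location excluded, control set to Block) and starts in report-only. The IP ranges, the support account UPN and the display names are placeholders.

```powershell
# Added example, not from the original article. Requires the Microsoft.Graph.Identity.SignIns
# and Microsoft.Graph.Users modules; all names and addresses below are placeholders.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "User.Read.All"

# PLACEHOLDER ranges (TEST-NET-3). Replace with the addresses listed under
# "Mercury Technical Staff" and "Mercury Head Office" in the Mercury IP ranges article.
$mercuryRanges = @("203.0.113.10/32", "203.0.113.20/32")

# 1. Trusted named location; each single address is entered as a /32 CIDR range.
$namedLocation = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Mercury Support"
    isTrusted     = $true
    ipRanges      = @($mercuryRanges | ForEach-Object {
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = $_ }
    })
}

# 2. Resolve the Mercury Support account (placeholder UPN).
$supportUser = Get-MgUser -UserId "mercury-support@contoso.onmicrosoft.com"

# 3. Policy scoped to that one account and all resources: every location is in scope,
#    the Mercury named location is excluded, and the control is Block. Created in
#    report-only so sign-in logs can be reviewed before the policy is enforced.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = "Mercury Support - allow only from Mercury IPs"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{ includeUsers = @($supportUser.Id) }
        applications = @{ includeApplications = @("All") }
        locations    = @{
            includeLocations = @("All")
            excludeLocations = @($namedLocation.Id)
        }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

# 4. Confirm what was created; switch to enforced once report-only results look right.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id |
    Select-Object DisplayName, State, Id
# When satisfied:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id `
#     -BodyParameter @{ state = "enabled" }
```

While the policy is in report-only, the Conditional Access tab of each sign-in entry in the Entra sign-in logs shows whether it would have been blocked.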
Additional Information
Links and References
https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-by-location
