Hi Petri-X,
The issue with Live Events/Stream is that they currently require a wildcard domain, *.azureedge.net. This wildcard contains many other Azure-based elements besides those two services, and to implement a forced-tunnel exception you need both the FQDN and all of the IPs that the FQDN resolves to. As that isn't the case here, anything outside Live Events/Stream that sits in this namespace would end up getting blocked, because you don't have the IP for it. The Live Events team is working on moving the service to dedicated namespaces to facilitate the current remote-working requirements, but it won't be a quick thing to implement, as you can imagine, so unfortunately I don't have an ETA to share at this time. That said, in the interim it should be possible, with the IPs provided, to offload the traffic using a PAC file; something like the following should do the job. Not ideal, I admit, but it is an option.
Paul
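/**
 * PAC entry point: decides whether a request goes direct or via the proxy.
 *
 * Order of evaluation:
 *   1. Hostnames of the Office 365 "Optimize" endpoints listed below -> DIRECT.
 *   2. Hosts whose resolved address is one of the listed Teams Live Event /
 *      Stream addresses -> DIRECT.
 *   3. Everything else -> the proxy.
 *
 * @param {string} url  Full URL being requested (not used by these rules).
 * @param {string} host Hostname taken from the URL.
 * @returns {string} "DIRECT" or the "PROXY host:port" directive.
 */
function FindProxyForURL(url, host)
{
    // `var` and a plain loop are kept on purpose: PAC scripts may be
    // evaluated by older script engines that lack newer syntax.
    var direct = "DIRECT";
    var proxyServer = "PROXY 10.0.0.199:8080";

    // Office 365 Optimize endpoints direct
    if (shExpMatch(host, "outlook.office.com")
        || shExpMatch(host, "outlook.office365.com")
        || shExpMatch(host, "contoso.sharepoint.com")
        || shExpMatch(host, "contoso-my.sharepoint.com"))
    {
        return direct;
    }

    // Put any other URL based rules here

    // Teams Live Event / Stream addresses, each matched as a single host (/32).
    // The bypass is decided on the resolved IP alone, so ANY hostname that
    // resolves to one of these addresses is sent direct and skips whatever
    // inspection and logging the proxy provides. Keep this list limited to
    // the addresses provided for the service and review it when they change.
    var liveEventIps = [
        '72.21.81.200',
        '152.199.19.161',
        '117.18.232.200',
        '192.16.48.200',
        '93.184.215.201',
        '68.232.34.200',
        '192.229.232.200'
    ];

    // dnsResolve() performs a lookup for every request that reaches this
    // point; it yields no usable address when the name cannot be resolved,
    // in which case the request falls through to the proxy.
    var resolved_ip = dnsResolve(host);

    /* Don't proxy Teams Live Event or Stream traffic */
    if (resolved_ip)
    {
        for (var i = 0; i < liveEventIps.length; i++)
        {
            if (isInNet(resolved_ip, liveEventIps[i], '255.255.255.255'))
            {
                // Fixed: the original read `returndirect;`, an undefined
                // identifier, so this branch never returned DIRECT.
                return direct;
            }
        }
    }

    // Default Traffic Forwarding.
    return proxyServer;
}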