Forum Discussion
Office 365 "Front Door" DNS Zones
Does Microsoft publish all of the DNS Zones that host Office 365 services? In my non-exhaustive research I've come up with this list.
SharePoint - spo-msedge.net
Outlook - k-msedge.net
Teams - s-msedge.net
I've also seen reference to a-msedge.net, c-msedge.net, and c-msedge.net in this article https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions
4 Replies
- PaulAndrew
Microsoft
Daniel Letsinger What are you trying to solve for here? These particular endpoints you list are examples of Azure Front Door which is used in parts of Office 365. Read about it here https://azure.microsoft.com/en-us/services/frontdoor/
Regards,
Paul
PaulAndrew it looks like I'm not using "font door" in the right context.
I'm trying to find out all of the endpoints that host Office 365, while Microsoft publishes what you see in the browser e.g. company.sharepoint.com, in the https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges page, there are other hosts behind the URLs that are not in the public documentation. For example in the screen shot I've attached microsoft.sharepoint.com resolves to spo-0004.spo-msedge.net.
Why am I looking for this?
Picture a network where you selectively allow which internet hosts you're allow to resolve, and you want to manage a white list of every internet based domain you're allowed to resolve while not allowing recursive DNS lookups.
- PaulAndrew
Daniel Letsinger Hi Daniel, restricted DNS lookup is not supported. We don't publish intermediary DNS CNAMEs because they are not required for perimeter network configuration. We also don't publish changes that occur in intermediary DNS CNAMEs which is the real problem you would face. Here's a FAQ about the issue: https://docs.microsoft.com/en-us/office365/enterprise/managing-office-365-endpoints#some-office-365-urls-point-to-cname-records-instead-of-a-records-in-the-dns-what-do-i-have-to-do-with-the-cname-records
Regards,
Paul
