Forum Discussion
How to make users connect to Exchange online without Internet
I have some users in our office ,they can't access internet for some reasons. I have aleady add the Urls and IP address ranges for Office 365 to my firewall to allow users access. but when I create outlook profile on user's outlook, they can't get autodiscover.xml ande create profile failed. If I allow user to connect internet ,the profile will be created success ,and open outlook normally. Then I deny the user to connect internet, they still can uses outlook nomarlly. But 2-3 weeks later, they will can't open outlook ,and receive the alert that then cant connect the exhange online sever. if I delete the profile and retry to create the profile, I will meet the same issue again. I didn't konw why we have the issues? If I have some mistakes on my firewall about URLS and IP address ranges for Offfice365. Why I can use outlook without Internet after I have created outlook profile. If I have not mistakes, why I can't create profile without
4 Replies
- This is a common problem if you are restricting access to the internet for your end users. Using names instead of IP addresses is recommended if your network equipment can do that. You may need to use a network trace to see what is being blocked and open that up. Microsoft do change the backend details on occasion, so you'll just need to keep an eye on this and make network changes as required.
- I don't konw why some of users without internet can access Exchange Online via Outlook, but others cann't. Unless they access Exchange Online by different IP and URL? This is a very complex question!
I feel you pain ! Was in a similar situation sometime back and in the end it boiled down to new set of IP addresses being used by Microsoft in addition to office 365 IP ranges to route the connection! the list keeps changing, most of the times the IPs related to exchange online workload are static but the IPs MS uses to route your connection to EXO change. To isolate, when you are trying to create a profile and getting failures check firewall for packet drops against MS IP addresses and see if you can find IPs related to MS which you have not whitelisted !
Yeah, I couldn't agree more with you. I seem to find some way to resolve the issue. Our firewall is PaloAlto, the firewall have a External Dynamic List service, PaloAlto providers publish lists of IP addresses and URLs as destination endpoints for their SaaS applications. The EDL service have M365 IP AND URL. So I create a policy for the IP and URL list.The client now can access exchange online normal after I commit the policy. I hope the policy can resolve all issues. I also find somebody create a powershell script to get IP and URL list from Internet. Maybe you can try it.
