
Announcing: Office 365 endpoint categories and Office 365 IP Address and URL web service

Microsoft recently published a set of connectivity principles for Office 365 that provide concise guidance on the recommended ways of achieving optimal performance and connectivity to Office 365. The first of these principles is to identify and differentiate Office 365 network traffic using Microsoft-published endpoints. Endpoints include the IP addresses and URLs that are used to connect to Office 365.

 

Today we are releasing a preview of a new web service that publishes these endpoints, making it easier for enterprise customers to evaluate, configure, and stay up to date with changes in Office 365 network endpoints. These web services will eventually replace the HTML, XML, and RSS data published today at http://aka.ms/o365ip. Usage documentation for the IP Address and URL web services is detailed in Managing Office 365 Endpoints – Web Service.

 

We are also publishing three categories for Office 365 network endpoints as attributes of this data:

  • Optimize: for a small number of endpoints that require low-latency, unimpeded connectivity, which should bypass proxy servers, network SSL break and inspect devices, and network hairpins.
  • Allow: for a larger number of endpoints that benefit from low-latency, unimpeded connectivity. Although not expected to cause failures, we also recommend bypassing proxy servers, network SSL break and inspect devices, and network hairpins. Good connectivity to these endpoints is required for Office 365 to operate normally.
  • Default: for other Office 365 endpoints, which can be directed to the default internet egress location for the company WAN.

Use of these categories, how they simplify connectivity to Office 365, and what actions you can take to make use of them is detailed in Office 365 Network Connectivity Principles.

 

Benefits for administrators from the Office 365 IP Address and URLs web service and the new categories include:

  • Automation of Office 365 endpoint data and changes publishing
  • System readable data for direct network device integration that is also script friendly
  • Data available in JSON for scripts or CSV format for Excel
  • Includes the first release of new Optimize, Allow, Default categorization of Office 365 endpoints
  • Includes ExpressRoute routable flag for each endpoint
  • Version change notification published alongside the data
  • All provided attributes are supported by owning development teams
  • COMING SOON: Template PAC files based on the endpoint details

With this announcement we will be asking customers who use the previous IP/URL publishing in HTML, XML, and RSS to migrate to these web services.

 

During preview we’ll work to ensure that the data is accurate, but we will not be providing support outside of business hours. We will be seeking feedback from network device vendors and enterprise customers. The web services are in preview now, and we encourage you to start migrating any scripts that you have for working with this data today. While in preview, you should not rely on the data from the web services in production. Also, while in preview, only the Office 365 worldwide commercial instance is annotated with endpoint categories. Endpoints for other service instances, such as US Gov GCC High and others, are temporarily all set to Allow. We plan to make these supported, with GA status, in the coming months.

 

There is a sample PowerShell script on the IP/URL web service usage documentation page so please try it out and let us know your feedback.
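
The categories described above decide which traffic skips the proxy and SSL inspection path, so the bypass list should be built only from Optimize and Allow entries and reviewed on every change. The following Python is an added example, not Microsoft's sample script: the sample data is constructed (documentation address ranges), the field names `id`, `category`, `ips`, `urls` and `expressRoute` are assumed to match the web service's JSON, and `build_lists` and `diff_lists` are hypothetical helper names. It also goes one step beyond the text by diffing the new list against what is deployed, for human review.

```python
import ipaddress
import json

# Constructed sample in the shape of the endpoints JSON. Values are illustrative;
# field names are assumptions to verify against the usage documentation.
SAMPLE = json.loads("""[
 {"id": 1, "serviceArea": "Exchange", "category": "Optimize", "expressRoute": true,
  "urls": ["mail.example.com"],
  "ips": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8:1::/48"]},
 {"id": 2, "serviceArea": "Exchange", "category": "Allow", "expressRoute": true,
  "urls": ["*.mail.example.com"], "ips": ["198.51.100.0/24", "192.0.2.0/25"]},
 {"id": 3, "serviceArea": "Common", "category": "Default", "expressRoute": false,
  "urls": ["*.cdn.example.net"]},
 {"id": 4, "serviceArea": "Skype", "category": "Optimize", "expressRoute": true,
  "ips": ["203.0.113.0/24"]}
]""")

BYPASS = {"Optimize", "Allow"}  # categories the article recommends bypassing proxies for


def build_lists(endpoints):
    """Return (bypass_cidrs, proxied_urls, skipped_ids) from endpoint records."""
    nets, proxied, skipped = [], set(), []
    for ep in endpoints:
        cat = ep.get("category")
        if cat in BYPASS:
            for cidr in ep.get("ips", []):
                nets.append(ipaddress.ip_network(cidr, strict=False))
        elif cat == "Default":
            proxied.update(ep.get("urls", []))  # stays on the normal egress path
        else:
            skipped.append(ep.get("id"))  # unknown category: never widen the bypass
    # collapse_addresses rejects mixed IPv4/IPv6 input, so merge each family alone
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in v4] + [str(n) for n in v6], sorted(proxied), skipped


def diff_lists(deployed, published):
    """Compare the list on the device with a freshly built one, for review."""
    old, new = set(deployed), set(published)
    return {"add": sorted(new - old), "remove": sorted(old - new)}


if __name__ == "__main__":
    bypass, proxied, skipped = build_lists(SAMPLE)
    print("bypass:", bypass, "proxied:", proxied, "skipped ids:", skipped)
    print(diff_lists(["192.0.2.0/24", "10.9.9.0/24"], bypass))
```

Records with a category the script does not recognise are reported instead of being added, so a schema change cannot silently enlarge the set of addresses that skip inspection.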

 

Documentation and links:

24 Comments
Great news @Paul Andrew, many thanks for sharing !
Occasional Visitor
Thanks Paul, good read! – that should give our network team a bit to look at - We've had a few challenges with connectivity and latency down at the end of the wet string that comes to the long white cloud - especially having an Express Route alongside for Azure connectivity and playing whack-a-mole with asymmetric routes. Hope you and the family are well :)
Microsoft

Hi Adrian, great to hear from you. Send me your Office 365 network performance challenges offline. Would be great to chat about them and catch up.

Occasional Visitor

This is great news for automation. For smaller shops that don't have dedicated network admins (like my organization), will there be some how-to's or FAQ's to create human-readable versions from the web service? Current documentation is a bit arcane for those of us who don't deal with REST or other web API interactions on a regular basis.

Microsoft

@Ryan Sheldon Absolutely. We're keen to get the feedback. What scenarios are on your wish list?

It will make life easier for many of us - automation is the way to go


Good job!!


 

New Contributor

Please keep the RSS feed alive. We need human control over this process, especially given how many times in the past there have been typos, mistakes, discrepancies between sources (XML, RSS, reference page), etc. with the current process. We cannot only rely on a hardly readable JSON file for this, especially when there are numerous changes every month. Thanks.

Any EOL on the RSS feed? Many vendors now have solutions parsing those.

Microsoft

The current XML/RSS files and the tables with URLs and IP Address ranges in the HTML page are planned to stay current until October 2nd, 2018. The new /changes endpoint contains structured changes which are more easily parsed for specific endpoint changes than the RSS feed, which is only structured as RSS format. There's no impact to Office 365 services with this change, but people will need to migrate their RSS readers to something that reads the new web services before then to get updates to Office 365 endpoints. Message Center post MC133236 is published detailing the change required.

Frequent Visitor

This is great news for automation. For smaller shops that don't have dedicated network admins (like my organization), will there be some how-to's or FAQ's to create human-readable versions from the web service? Current documentation is a bit arcane for those of us who don't deal with REST or other web API interactions on a regular basis.

Absolutely. Please do not end the web page view. We copy and paste the IPs directly into firewalls now.

Occasional Visitor

Absolutely. We're keen to get the feedback. What scenarios are on your wish list?

 

@Paul Andrew Most common for us is needing to validate which URL's or IP ranges are in use when we encounter network traffic issues, usually with a firewall or AV product. The security appliances we use from Meraki and SonicWall also don't currently seem to have hooks to point to web services to update lists for exceptions, so we need to be able to parse/copy/paste the current lists.

 

The currently hinted at method in the existing documentation to export the current ranges to a CSV table could work, I just feel like I'm missing some necessary knowledge or tools to actually go through that process.

 

Will this change also affect the non-global Office 365 URL/IP lists? (21 Vianet, Germany, GovCloud, etc.) Documentation that explicitly shows how to access those specific values or at least shows where to plug in the appropriate variables would help.

The main point for me is that also deprecating the HTML version is a step away from good documentation.

 

Also, the more important thing here is that a lot of services like PowerApps, Azure AD, and other services around Office 365 and Microsoft cloud services have separate Docs where they publish their URLs without the same level of comfort.

 

I tried in the past here in the forums to make a list of links to all these pages, but after the move from TechNet to Docs, some articles were changed. Maybe Microsoft can help a little with that.

Microsoft

@Thomas Reynolds you will be able to copy/paste from the CSV output with the new web services. There's an example CSV output URL in the above article right at the bottom "The worldwide commercial instance endpoints in CSV format." You can save that as a file.csv and open it in Excel, or just read it on screen.

 

@Ryan Sheldon please use the CSV file to do CTRL-F searching if you need that. Yes, this includes the other service instances and the web service documentation shows how to specify those.

 

@Petr Vlk thank you for the feedback.

Occasional Visitor

As others have said, please do not end the web view and the RSS feed.  Trying to update my access lists and WCCP lists from a JSON file will be brutal.

Regular Visitor

@Paul Andrew Great news, we've been anticipating this since the Networking Focus Group session. Do you know if vendors like Palo Alto are involved in this implementation? In these cases we rely on the vendor to update their firewall and VPN products to be aware of these changes.

Microsoft

@John Erwin we are working with a number of network device and service providers to use the new web services directly. I don't have anything to share on the status of that today though.

Occasional Visitor

@Paul Andrew any more updates on this automation process and the view of vendors you are working with? Would the plan be to have this natively applied to their product?

Frequent Visitor
'You can save that as a file.csv and open it in Excel, or just read it on screen.' Have you clicked on that link Paul? The only thing I need is the IPs in #3. It's a mess. I'm trying to figure out a way to pull that out in an automatic way for my customer every month. Not fun... :(
Microsoft

@E, Amachaghi We're working with several network vendors with the ask of having them connect and get this data directly.

 

@Thomas Reynolds Thanks for the feedback, we'll look for ways to make this easier.

Senior Member

@Paul Andrew Do you have Palo Alto Networks in the list of vendors you're working with?

Thanks

Microsoft

@Alexey Goncharov We're talking to a lot of people, but we don't want to list specific vendors until we have testing results for their products. Hope you can understand.

Senior Member

@Paul Andrew Sure, no problem. Thanks Paul.