Feedback on Office 365 IP/URL Web Services Preview

Microsoft

Please share your feedback or questions on the new Office 365 IP/URL Web Services preview as announced here: https://aka.ms/ipurlblog 

24 Replies

Paul,

I've written myself a PAC file generator which includes the URLs in the Allow and Optimize categories.

I have a question regarding "ExpressRoute", which my company does not use at present. The list of URLs in Allow and Optimize for non-ExpressRoute is as follows:

Only in other endpoint sets where ExpressRoute is true do you get other URLs which need to go DIRECT e.g. in endpoint set 46:

*broadcast.officeapps.live.com

*excel.officeapps.live.com

*onenote.officeapps.live.com

*powerpoint.officeapps.live.com

*view.officeapps.live.com

*visio.officeapps.live.com

*word-edit.officeapps.live.com

*word-view.officeapps.live.com

office.live.com

Are these not required to go DIRECT when not using ExpressRoute?

The URLs are listed as to go DIRECT in the PAC file described in the Managing Office 365 endpoints web page.

Also, endpoint set 11 has IP addresses and UDP ports 3478, 3479, 3480, 3481 which need to route DIRECT but are listed as ExpressRoute.

Can you please clarify the use of ExpressRoute in the web service? Do I need to include all Allow and Optimize endpoint sets regardless of the ExpressRoute setting?

Thanks

Hi Ian,

First, we are planning to create a supported PAC file generator that uses the web services. Probably within the next month.

Next, the ExpressRoute flag indicates that the endpoint is supported over ExpressRoute for Office 365 approved ExpressRoute customers. For Endpoint sets with IP Addresses this literally means we advertise routes to those over ExpressRoute route prefixes. For Endpoint sets with URLs it still means the URL is supported when routed over ExpressRoute. It also means that the IP Address resolved from a DNS lookup of the URL will be routed over ExpressRoute. But it does not mean that if a URL Endpoint set has ExpressRoute as false that the IP Address resolved from the DNS will not be routed over ExpressRoute.

The choice of a PAC file selecting DIRECT or a Proxy Server is complicated when you have ExpressRoute. For non-ExpressRoute you would ideally route all Optimize and Allow network traffic bypassing a proxy server and this would typically be using DIRECT, with a firewall on the perimeter that passes Optimize and Allow traffic. If you have ExpressRoute for Office 365 you would need to ensure that this traffic goes to the ExpressRoute circuit, and you'll need to restrict the PAC file to only ExpressRoute supported Optimize and Allow endpoints. We're looking at improving the alignment of Optimize and Allow with ExpressRoute.

The UDP traffic you mentioned needs to bypass proxy servers. It can be routed over ExpressRoute if you have that for Office 365 or it can be routed direct to the Internet.

You should not send Allow network traffic to an ExpressRoute circuit where it is listed as ExpressRoute is false.

Regards,

Paul
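
The routing rule described in the reply above, as an added example that is not part of the thread and not Microsoft's generator: it builds a PAC file from endpoint sets and shows how the ExpressRoute case narrows the DIRECT list. The sample sets are constructed (ids 900 and 901, the category values, and the `proxy.example.invalid` proxy are illustrative), and the field names `id`, `category`, `expressRoute` and `urls` are assumed to match the web service JSON.

```javascript
// Constructed sample shaped like the endpoints web service JSON.
// Field names are assumed; ids 900/901 and all category values are illustrative.
const sampleSets = [
  { id: 900, category: "Allow", expressRoute: false,
    urls: ["officeredir.microsoft.com", "odc.officeapps.live.com"] },
  { id: 46, category: "Allow", expressRoute: true,
    urls: ["*excel.officeapps.live.com", "office.live.com"] },
  { id: 901, category: "Default", expressRoute: false,
    urls: ["*.example.invalid"] },
];

// Select host patterns that bypass the proxy.
// usesExpressRoute=false: every Optimize and Allow set goes DIRECT.
// usesExpressRoute=true: only Optimize/Allow sets flagged expressRoute go DIRECT.
function directPatterns(sets, usesExpressRoute) {
  const out = new Set();
  for (const s of sets) {
    if (s.category !== "Optimize" && s.category !== "Allow") continue;
    if (usesExpressRoute && !s.expressRoute) continue;
    for (const u of s.urls || []) out.add(u.toLowerCase());
  }
  return [...out].sort();
}

// Emit PAC source; shExpMatch is a standard PAC helper provided by the browser.
function buildPac(sets, usesExpressRoute, proxy) {
  const patterns = directPatterns(sets, usesExpressRoute);
  return [
    "function FindProxyForURL(url, host) {",
    `  var direct = ${JSON.stringify(patterns)};`,
    "  host = host.toLowerCase();",
    "  for (var i = 0; i < direct.length; i++) {",
    "    if (shExpMatch(host, direct[i])) return \"DIRECT\";",
    "  }",
    `  return ${JSON.stringify("PROXY " + proxy)};`,
    "}",
  ].join("\n");
}

// Evaluate the generated PAC offline with a minimal shExpMatch stand-in (* and ? only).
function evalPac(pacSource, host) {
  const shExpMatch = (str, pat) => new RegExp("^" +
    pat.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(str);
  const find = new Function("shExpMatch", pacSource + "\nreturn FindProxyForURL;")(shExpMatch);
  return find("https://" + host + "/", host);
}
```

Everything returned as DIRECT skips proxy inspection, so the perimeter firewall has to be limited to the same Optimize and Allow destinations the PAC file lists.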

I like the PowerShell method of collecting the info / changes.

It would be very helpful if the data was output to a CSV and had the option for either CIDR or IP subnet format (some Cisco devices still need the latter). It would make generating the input for the CLI a bit easier.

Thanks

S

Hello @netshush,

You can get CSV format using the format=CSV parameter to the web service. Here's an example:

https://endpoints.office.com/version/Worldwide?Format=CSV&ClientRequestId=b10c5ed1-bad1-445f-b386-b9...

Regards,

Paul