We announced in April that the Office 365 IP Addresses and URLs page was being replaced with access to the data from new web services. See http://aka.ms/ipurlblog for the announcement. I’ve heard a few requests for guidance on how to migrate to the new web services.
We publish network endpoint data for Office 365 across the five service instances and each has separate network connectivity. They are:
- Office 365 worldwide commercial
- Office 365 US Government GCC High
- Office 365 US Government DoD
- Office 365 Germany
- Office 365 operated by 21Vianet
For each of these we publish am HTML page with tables that list the URLs and IP Address ranges that must be accessible. We also publish an XML file for each and have an RSS feed which is updated to show changes.
These are all planned to be deprecated and no longer updated from October 2nd, 2018. Depending on how you use the current data, you will have a different recommended path for migrating to the new web services which provide the data.
The new web services provide IP Address and URL network endpoint data in JSON format along with other attributes that were previously only available in the HTML tables and some new attributes. We will be providing new published HTML tables and RSS feeds that are based off the web services data.
Here are some existing scenarios where customers use the data along with how we recommend migrating to the new web services.
Using the XML file for firewall or proxy server configuration using a script
The XML files that we publish will no longer be updated from October 2nd, 2018 so it’s particularly important to migrate off them. Typically, if you have script that is downloading these files it will be necessary to update it to use the JSON data from the web services. Although these are different formats, most scripting languages have native support for both, so the update should be straight forward.
We provide sample scripts for accessing the data in PowerShell and Python in the web services user guide.
Screen scraping data attributes from the HTML web page
Although Microsoft doesn’t support screen scraping of the HTML published data we understand that some customers do this to get additional attributes about Office 365 network endpoints from the HTML tables. The good news is that you don’t need to do this any longer. All supported attributes are available in the new web services so there will be no longer any need for screen scraping of the HTML tables. Please discontinue any screen scraping.
Classifying network traffic by the Office 365 application for reporting purposes
Some customers look at the destination IP Address and map it to the Office 365 Product name listed in the XML file. This Product list has inconsistencies, is missing dependencies, has out of date names and we do not support selection of individual Office 365 applications by network endpoint so we are removing it. We are replacing this with a shorter list of Service Areas for which selective enablement is supported. There are three service areas which can be selected independently and a fourth common service area. This table shows the mapping of the old Product to the new Service Areas. Two of the old Product names no longer exist and are shown mapped to <Removed>.
|
Old XML Product |
New JSON ServiceArea |
|
WAC |
Common |
|
Sway |
Common |
|
Planner |
Common |
|
ProPlus |
Common |
|
Ex-Fed |
<Removed> |
|
Yammer |
Common |
|
Teams |
Skype |
|
OfficeiPad |
Common |
|
OfficeMobile |
Common |
|
RCA |
<Removed> |
|
OneNote |
Common |
|
EXO |
Exchange |
|
SPO |
SharePoint |
|
Office365Video |
Common |
|
LYO |
Skype |
|
Identity |
Common |
|
CRLs |
Common |
|
o365 |
Common |
|
EOP |
Exchange |
Although we recommend enabling all service areas, you can select which service areas to return data when calling the web services. The Common service area is always returned since the other service areas have a dependency on it. The specific service area name is also included in the web services attributes returned. Here’s an example PowerShell script command to get endpoint data for the Exchange Online service area and the Common service area:
Using the RSS publishing to have changes reviewed and then applied to networking devices
We will be replacing the current RSS feed so that customers who are familiar with using an RSS reader to get notification of changes can still do so. The old RSS feeds will all be removed after October 2nd, 2018. The URLs for each RSS feed will be changing, and the structure of the text returned, and the number of updates will be improved on.
You can also use Microsoft Flow to create review and update processes to respond to IP Address and URL changes. We’re working on an article which demonstrates how to set this up. I’ll update this page with a link to that article once it is available.
Just searching for an IP Address
If you use the IP Addresses and URLs page just for searching for an IP Address that you see in a log file, then you can continue to do that. The current HTML tables of the network endpoints are manually edited, and we are going to be removing them. We will republish the HTML tables as generated from the web services. You will still need to search for the IP Address network (or CIDR) that contains the IP Address you want.
Summary
The new web services are improved over the old publishing, but there will still be some migration work required. The above recommendations are intended to help you to plan for the changes.
How do you use the existing Office 365 network endpoint data? Are there any other scenarios that you are using the existing published IP Address and URL data for? Let us know.
