01-08-2019 12:59 PM
I get asked this from time to time where people will point to some of the Default categorized URLs at http://aka.ms/o365ip. People will tell me that their customer uses a firewall which can only be configured with IP Addresses and therefore they cannot use URLs to identify Office 365 network traffic.
Here's a brief explanation:
IP Addresses for network endpoints that are categorized as Optimize and Allow are provided, but for the worldwide commercial instance no IP Addresses are provided for network endpoints that are categorized as Default. Instead we recommend customers direct Office 365 network traffic that goes to Default categorized endpoints to their default Internet egress location.
There is usually some kind of proxy server which will review and send the request to the Internet over the organization's firewall, and the firewall is configured to allow network traffic from the proxy server. Network traffic bound for Office 365 which is categorized as Default is proxy aware and is okay to manage in this way. It's the same as if a user enters a new URL into a web browser. The user doesn't have to provide the IP Address for that URL. Instead the request is sent to a proxy server.
Some of these Default categorized endpoints are hosted by Microsoft and some are hosted by third parties; the latter are dependencies for Office 365 where Microsoft doesn't control the IP Addresses. Microsoft would never be able to publish all of the IP Addresses required for third party dependent services that are needed for Office 365.
You can read more about the Office 365 network endpoint categorization at http://aka.ms/pnc. If you have an environment that does not permit Internet connectivity except as defined on a firewall by IP Addresses, you may have more work here, but my experience is that commercial organizations do not actually do this. They instead use restrictions based on a proxy server.
If you need them, here are all the IP Addresses assigned to Microsoft. You should note that this includes IP Addresses used for Azure cloud hosting, so this list includes servers managed and controlled by Microsoft customers. https://www.microsoft.com/en-us/download/details.aspx?id=53602
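An added example (not part of the original post or Microsoft's own tooling): one way to turn the categorization described above into egress policy, with Optimize and Allow endpoints becoming IP-based firewall rules and Default endpoints left to the proxy and identified by hostname. The record field names (`category`, `urls`, `ips`, `tcpPorts`) and every sample value are assumptions constructed for this example.

```python
import ipaddress
from fnmatch import fnmatch

# Constructed sample records (documentation IP ranges, example domains).
# Field names "category", "urls", "ips", "tcpPorts" are assumptions of this example.
SAMPLE_ENDPOINTS = [
    {"id": 1, "category": "Optimize", "urls": ["outlook.example.com"],
     "ips": ["192.0.2.0/24", "2001:db8:a::/48"], "tcpPorts": "80,443"},
    {"id": 2, "category": "Allow", "urls": ["*.mail.example.com"],
     "ips": ["198.51.100.0/25"], "tcpPorts": "443"},
    {"id": 3, "category": "Default",
     "urls": ["*.cdn.example.net", "static.example.org"], "tcpPorts": "443"},
]

def build_policy(endpoints):
    """Split records into IP-based firewall rules and proxy-handled host patterns."""
    firewall, proxy_hosts = [], set()
    for rec in endpoints:
        category = rec["category"]
        if category in ("Optimize", "Allow"):
            ports = [int(p) for p in rec.get("tcpPorts", "").split(",") if p]
            for cidr in rec.get("ips", []):
                # strict=True rejects entries with host bits set (e.g. 192.0.2.1/24)
                firewall.append((ipaddress.ip_network(cidr, strict=True), ports))
        elif category == "Default":
            # No IPs are published for Default: identify by hostname at the proxy.
            proxy_hosts.update(h.lower() for h in rec.get("urls", []))
        else:
            raise ValueError(f"unknown category {category!r} in record {rec.get('id')}")
    return {"firewall": firewall, "proxy_hosts": sorted(proxy_hosts)}

def egress_for(dest_ip, port, policy):
    """Return 'direct' when an IP rule covers the flow, otherwise 'default-egress'."""
    addr = ipaddress.ip_address(dest_ip)
    for network, ports in policy["firewall"]:
        if addr.version == network.version and addr in network and port in ports:
            return "direct"
    return "default-egress"

def is_known_default_host(host, policy):
    """True when the hostname matches a Default-category pattern (wildcards allowed)."""
    return any(fnmatch(host.lower(), pat) for pat in policy["proxy_hosts"])

if __name__ == "__main__":
    policy = build_policy(SAMPLE_ENDPOINTS)
    print(egress_for("192.0.2.10", 443, policy))
    print(egress_for("203.0.113.7", 443, policy), is_known_default_host("img.cdn.example.net", policy))
```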
03-27-2019 03:18 AM
Hi @Paul Andrew, all the discussions are about the "Office 365" services. What about the services included in EMS (Intune, AIP, ...) or others like Windows ATP, ATA, ... services?
Are these included in the Office 365 list of (optimized, allow, standard) endpoints?
I could not find any URL that indicates they are included, but maybe they hide behind some of the IP ranges.
It would help us tremendously if you could clarify this and if a link to the endpoint optimization of the non "Office 365" services is provided.