Forum Discussion
What are the FQDNs used for Office 365 logon and authentication?
When you have a chance to look at the URL, you can realize it needs to allow based on what you want but not Office 365 since quite a huge of productivity platform, there is NO one go for ALL Office 365 services and not practical, nor FQDN but URL and IP address to allow for the authentication, hope clear your understanding here.
For how to have a systematic way for the allowed list handling, you may consider firewall feature on category release, or further study how your 'authentication' means? Say protocols, devices, authentication method, etc.
I'm afraid I'm not quite understanding your post.
Why is it so difficult for Microsoft to have a single FQDN URL to handle Office 365 authentication? At least, for the USA where I am located.
Like I said, I know the issue is that I'm not being lax enough on my firewall rules. We run a secure ship here, and I'm not interested in opening thousands of IPs and URLs. I just want authentication to Office 365.
I am the same thoughts as you since I am one of the full-time IT infra guys but also would like to spend effort and contribute my time here to help others.
Back to your question, I am quite sure Microsoft will provide your below URL to release even raised a ticket, as the result and you can observe from the list, it was mixed with URL and IP address and it's confirmed no pure IP address list ONLY (please note that partial release of URL\IP address may work but possibly introduce performance issue and unexpected error).
From my experience, you can consider handling this kind of 'change' systemically, some firewall called this as 'object' while some called 'category', you just simply release 'Office 365' as category and your firewall will update the URLs and IP address without bothering you.
Hope this help
To supplement, one of the firewall vendors called paloalto handling:
Configure the Firewall to Access an External Dynamic List (paloaltonetworks.com)