Mar 01 2020 09:23 AM
Does Microsoft publish all of the DNS Zones that host Office 365 services? In my non-exhaustive research I've come up with this list.
SharePoint - spo-msedge.net
Outlook - k-msedge.net
Teams - s-msedge.net
I've also seen reference to a-msedge.net, c-msedge.net, and c-msedge.net in this article https://docs.microsoft.com/en-us/windows/privacy/windows-endpoints-1709-non-enterprise-editions
Mar 17 2020 07:00 PM
@Daniel Letsinger What are you trying to solve for here? These particular endpoints you list are examples of Azure Front Door which is used in parts of Office 365. Read about it here https://azure.microsoft.com/en-us/services/frontdoor/
Regards,
Paul
Mar 17 2020 07:30 PM
@Paul Andrew it looks like I'm not using "font door" in the right context.
I'm trying to find out all of the endpoints that host Office 365, while Microsoft publishes what you see in the browser e.g. company.sharepoint.com, in the Office 365 URLs and IP address ranges page, there are other hosts behind the URLs that are not in the public documentation. For example in the screen shot I've attached microsoft.sharepoint.com resolves to spo-0004.spo-msedge.net.
Why am I looking for this?
Picture a network where you selectively allow which internet hosts you're allow to resolve, and you want to manage a white list of every internet based domain you're allowed to resolve while not allowing recursive DNS lookups.
Mar 17 2020 07:35 PM
@Daniel Letsinger Hi Daniel, restricted DNS lookup is not supported. We don't publish intermediary DNS CNAMEs because they are not required for perimeter network configuration. We also don't publish changes that occur in intermediary DNS CNAMEs which is the real problem you would face. Here's a FAQ about the issue: https://docs.microsoft.com/en-us/office365/enterprise/managing-office-365-endpoints#some-office-365-...
Regards,
Paul
Mar 18 2020 05:29 AM
Thanks for confirming Paul! I've opened a ticket with Microsoft and received the same guidance.