Simplifying Office 365 URL publishing by FQDN deduplication for proxy servers

%3CLINGO-SUB%20id%3D%22lingo-sub-1496764%22%20slang%3D%22en-US%22%3ESimplifying%20Office%20365%20URL%20publishing%20by%20FQDN%20deduplication%20for%20proxy%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1496764%22%20slang%3D%22en-US%22%3E%3CP%3EOffice%20365%20publishes%20IP%20Addresses%20and%20Fully%20Qualified%20Domain%20Names%20(FQDNs)%20so%20that%20customers%20can%20configure%20firewalls%20and%20proxy%20servers%20to%20allow%20appropriate%20access%20by%20users.%20These%20are%20published%20to%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fo365ip%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Faka.ms%2Fo365ip%3C%2FA%3E%26nbsp%3Band%20there%20is%20a%20web%20service%20which%20makes%20them%20available%20along%20with%20change%20tracking%20and%2030%20days%20notice%20for%20additions%20at%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2Fipurlws%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Faka.ms%2Fipurlws.%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20publish%20updates%20at%20the%20end%20of%20each%20month%20and%20included%20in%20todays%20publishing%20is%20a%20new%20method%20for%20deduplicating%20FQDNs%20which%20would%20be%20already%20allowed%20by%20a%20published%20wildcard%20URL.%20This%20new%20method%20has%20two%20implications%20for%20customers%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E1)%20There%20is%20a%20new%20change%20impact%20description%20in%20our%20changes%20web%20service%20called%26nbsp%3BRemovedDuplicateIpOrUrl.%20This%20will%20be%20included%20any%20time%20we%20remove%20an%20FQDN%20because%20it%20is%20not%20necessary%20due%20to%20it%20matching%20a%20wildcard%20URL.%20When%20you%20see%20these%20changes%2C%20it%20means%20that%20an%20FQDN%20was%20removed%20from%20publishing%2C%20but%20that%20the%20FQDN%20is%20still%20in%20use%20by%20Office%20365.%20The%20FQDN%20is%20covered%20by%20a%20wildcard%20URL%20which%20is%20also%20published.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20example%3A%20connectivity%20to%20*.office.com%20is%20required%20for%20Office%20365.%20Proxy%20servers%20do%20not%20need%20to%20additional%20have%20config.office.com%20allowed%20since%20access%20to%20that%20is%20already%20permitted%20by%20the%20*.office.com%20entry.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E2)%20There%20are%20fewer%20entries%20published%20now%20that%20need%20to%20be%20listed%20on%20a%20proxy%20server.%20The%20changes%20to%20the%20Office%20365%20worldwide%20instance%20are%20published%20%3CA%20href%3D%22https%3A%2F%2Fendpoints.office.com%2Fchanges%2Fworldwide%2F2020062800%3Fclientrequestid%3D12345678-1234-1234-1234-123456789012%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E%2C%20show%2052%20fewer%20FQDN%2FURL%20entries%20than%20yesterday.%20Note%20that%20the%20changes%20URL%20shows%20all%20changes%20since%20June%2028%2C%202020%20and%20will%20show%20additional%20changes%20in%20the%20future.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20should%20help%20simplify%20proxy%20server%20configuration%20for%20Office%20365.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1502821%22%20slang%3D%22en-US%22%3ERe%3A%20Simplifying%20Office%20365%20URL%20publishing%20by%20FQDN%20deduplication%20for%20proxy%20servers%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1502821%22%20slang%3D%22en-US%22%3E%3CP%3E-ERR%3AREF-NOT-FOUND-%40Paul%20Andrew%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%20what%20would%20be%20useful%20to%20know%20is%20how%20does%20Microsoft's%20revised%20approach%20to%20O365%20URL%20Publishing%20impact%20on%20services%2C%20such%20a%20Microsoft%20Whiteboard%2C%20are%20looked%20at.%26nbsp%3B%20I%20mention%20Whiteboard%20because%20it%20isn't%20covered%20by%20the%20current%20list%20of%20O365%20URLs%20and%20IPs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20sure%20that%20Microsoft%20have%20a%20process%20that%20brings%20a%20service%20like%20Whiteboard%20in%20to%20scope%20of%20the%20O365%20URL%20list%2C%20so%20it%20would%20be%20useful%20to%20understaand%20a%20high-level%20overview%20of%20just%20how%20this%20works.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20would%20help%20with%20many%20'discussions'%20in%20my%20own%20organisation%20because%20the%20O365%20URL%20list%20is%20seen%20as%20being%20definitive%2C%20so%20you%20get%20a%20response%20like%20%22if%20its%20not%20on%20the%20list...%22%20and%20end%20up%20driving%20around%20in%20circles.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPete%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Microsoft

Office 365 publishes IP Addresses and Fully Qualified Domain Names (FQDNs) so that customers can configure firewalls and proxy servers to allow appropriate access by users. These are published to http://aka.ms/o365ip and there is a web service which makes them available along with change tracking and 30 days notice for additions at http://aka.ms/ipurlws.

 

We publish updates at the end of each month and included in todays publishing is a new method for deduplicating FQDNs which would be already allowed by a published wildcard URL. This new method has two implications for customers:

 

1) There is a new change impact description in our changes web service called RemovedDuplicateIpOrUrl. This will be included any time we remove an FQDN because it is not necessary due to it matching a wildcard URL. When you see these changes, it means that an FQDN was removed from publishing, but that the FQDN is still in use by Office 365. The FQDN is covered by a wildcard URL which is also published.

 

For example: connectivity to *.office.com is required for Office 365. Proxy servers do not need to additional have config.office.com allowed since access to that is already permitted by the *.office.com entry.

 

2) There are fewer entries published now that need to be listed on a proxy server. The changes to the Office 365 worldwide instance are published here, show 52 fewer FQDN/URL entries than yesterday. Note that the changes URL shows all changes since June 28, 2020 and will show additional changes in the future.

 

This should help simplify proxy server configuration for Office 365.

1 Reply
Highlighted

@Paul Andrew 

 

Hi, what would be useful to know is how does Microsoft's revised approach to O365 URL Publishing impact on services, such a Microsoft Whiteboard, are looked at.  I mention Whiteboard because it isn't covered by the current list of O365 URLs and IPs.

 

I'm sure that Microsoft have a process that brings a service like Whiteboard in to scope of the O365 URL list, so it would be useful to understaand a high-level overview of just how this works.

 

It would help with many 'discussions' in my own organisation because the O365 URL list is seen as being definitive, so you get a response like "if its not on the list..." and end up driving around in circles.

 

Pete