iOS Outlook connecting to undocumented IPs

Highlighted
Valued Contributor

I have the following issue with the Outlook iOS app when the client is behind my Layer 7 Firewall which does SSL inspection:

 

  • Outlook iOS is receiving push notifications of new messages, with message preview available
  • Outlook iOS does not download and display the (full) message and instead throws an error: no internet connection (or not connected to the internet)

I've excluded multiple FQDNs from Microsofts official list (https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-ab...) but issue persists. 

I've combed through the traffic logs of our firewall to get more details and it looks like the Outlook iOS App is connecting to IPs that do not seem to be in the official list. The thing is, every iOS client connects to a different IP, so excluding is kind of impossible.

 

Real Examples:

  • iOS Client 01 - wants to connect to 52.169.216.211 via 443 and is detected as SSL 
  • iOS Client 02 - wants to connect to 52.174.184.105 via 443 and is detected as SSL

As soon as I exclude a specific IP destination from SSL decryption/inspection this one specific iOS Outlook Client works flawlessly. 

 

What is going on here?

3 Replies
Highlighted
Currently experiencing this same issue behind Bluecoat Proxy with HTTPS intercept AND trusted proxy certificate on the client mobile devices. Also using Microsoft InTune to deploy trusted certificates. Was there a solution to this issue?
Highlighted
Not for me yet. I had to disable ssl inspection for my mobile devices within my wifi.
Highlighted

Thanks for replying!

No guidance from Microsoft either?

-Bryan