cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Why are some Office 365 network endpoints provided as URLs only with no IP Addresses?

Paul Andrew
Microsoft

‎Jan 08 2019 12:59 PM

‎Jan 08 2019 12:59 PM

Why are some Office 365 network endpoints provided as URLs only with no IP Addresses?

I get asked this from time to time where people will point to some of the Default categorized URLs at http://aka.ms/o365ip. People will tell me that their customer uses a firewall which can only be configured with IP Addresses and therefore they cannot use URLs to identify Office 365 network traffic.

 

Here's a brief explanation:

 

IP Addresses for network endpoints that are categorized as Optimize and Allow are provided, but for the worldwide commercial instance no IP Addresses are provided for network endpoints that are categorized as Default. Instead we recommend customers direct Office 365 network traffic that goes to Default categorized endpoints to their default Internet egress location.

 

There is usually some kind of proxy server which will review and send the request to the Internet over the organizations firewall and the firewall is configured to allow network traffic from the proxy server. Network traffic bound for Office 365 which is categorized as Default is proxy aware and is okay to manage in this way. It's the same as if a user enters a new URL into a web browser. The user doesn't have to provide the IP Address for that URL. Instead the request is sent to a proxy server.

 

Some of these Default categorized endpoints are hosted by Microsoft and some are third party hosted which are dependencies for Office 365 where Microsoft doesn't control the IP Addresses. Microsoft would never be able to publish all of the IP Addresses required for third party dependent services that are needed for Office 365.

 

You can read more about the Office 365 network endpoint categorization at http://aka.ms/pnc. If you have an environment that does not permit Internet connectivity except as defined on a firewall by IP Addresses, you may have more work here but my experience is that commercial organizations do not actually do this. They instead of restrictions based on a proxy server.

 

If you need them, here's all IP Addresses assigned to Microsoft. You should note that this includes IP Addresses used for Azure cloud hosting so this list includes servers managed and controlled by Microsoft customers. https://www.microsoft.com/en-us/download/details.aspx?id=53602 

 

 

4,792 Views
0 Likes
2 Replies
Reply
2 Replies
Franck Marteaux

‎Mar 27 2019 03:18 AM

‎Mar 27 2019 03:18 AM

Re: Why are some Office 365 network endpoints provided as URLs only with no IP Addresses?

Hi @Paul Andrew, all the discussions are about the "Office 365" Services. What's about the Services included in EMS (Intune, AIP, ...) or other like Windows ATP, ATA, ... services.

Are these included in the Office 365 list of (optimized, allow, standard) endpoints?

I could not find any url that indicates they are included, but maybe they hide behind some of the IP ranges.

it would help us temandously if you could clarify this and a link to the endpoint optimization of the non "Office 365" services is provided.

 

Thanks,

Franck

0 Likes
Reply
Petri X

‎Apr 29 2020 10:26 AM - edited ‎Apr 29 2020 10:44 AM

‎Apr 29 2020 10:26 AM - edited ‎Apr 29 2020 10:44 AM

Re: Why are some Office 365 network endpoints provided as URLs only with no IP Addresses?

Hi @Paul Andrew 

 

I re-read your documentation about the categories on here: New Office 365 endpoint categories. There you are listing three categories "Optimize", "Allow", or "Default".

 

At the moment (when doing a bit guessing work) the Live Event service belongs to category "Default". That means the traffic on that category is handled like regular "ping".

 

But if you take a look for category "optimize" and its description it says: "Optimize endpoints are required for connectivity to every Office 365 service and represent over 75% of Office 365 bandwidth, connections and volume of data." In some terms we could thing that Live Event and Streaming service are not utilizing the most of the bandwidth, but fact is also, when you are having large Live Event that is requiring bandwidth from companies. Yes, it is not as intensive than RTP (Real Time Protocol) traffic is, but I believe companies would get benefits if these two services could be updated to "optimize". Think about e.g. VPN split tunneling.

 

I lifted also a User Voice: Change Live Events (and Streaming service) categories from Default to Optimize  for this, but expectations are not so high :)

 

0 Likes
Reply