Differences

This shows you the differences between two versions of the page.

--- blocklists:microsoft:microsoft_office_365 [2021/02/07 14:49] – peter
+++ blocklists:microsoft:microsoft_office_365 [2021/02/11 10:19] (current) – peter
@@ Line 2: / Line 2: @@
 ===== Get Current List of IP Addresses =====
-==== Download the endpoints file ====
 <code bash>
-curl https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 > office.txt
+curl https://endpoints.office.com/endpoints/worldwide?clientrequestid=948beb0b-32bb-4e1c-a67d-091c861a0cc6 > /tmp/office.txt
+jq -r '.[] | select(.ips) .ips[]' /tmp/office.txt | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n | uniq
 </code>
 <WRAP info>
-**NOTE:**  The UUID b10c5ed1-bad1-445f-b386-b919946339a7 is the default one provided by Microsoft.
+**NOTE:**  See: [[Blocklists:Microsoft:Get Microsoft URLs, IP addresses and Ports|Get Microsoft URLs, IP addresses and Ports]].
+</WRAP>
-This UUID may be discontinued in the future, so it is recommended to use an alternative UUID in this case.
+returns:
-The returned result includes both IPv4 and IPv6 addresses.
+<code>
+.80.125.22/32
-To exclude IPv6, use this:
+.91.91.243/32
+.107.6.152/31
-<code bash>
+.107.6.156/31
-curl "https://endpoints.office.com/endpoints/worldwide?noipv6&ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7" > office_ipv4.txt
+.107.6.171/32
+.107.7.190/31
+.107.9.156/31
+.107.18.10/31
+.107.64.0/18
+.107.128.0/22
+.107.136.0/22
+.107.140.6/32
+.190.128.0/18
+.103.160.0/20
+.81.156.154/32
+.90.218.198/32
+.92.0.0/15
+.96.0.0/13
+.104.0.0/15
+.107.0.0/16
+.108.128.0/17
+.126.0.0/18
+.96.0.0/14
+.100.0.0/14
+.104.0.0/14
+.108.0.0/14
+.112.0.0/14
+.120.0.0/14
+.174.56.180/32
+.183.75.62/32
+.184.165.82/32
+.238.78.88/32
+.238.106.116/32
+.238.119.141/32
+.244.37.168/32
+.244.160.207/32
+.244.203.72/32
+.244.207.172/32
+.244.223.198/32
+.247.150.191/32
+.42.230.91/32
+.47.0.0/17
+.146.128.0/17
+.253.33.215/32
+.245.0.0/16
+.171.32.0/22
+.171.40.0/22
+.55.145.0/25
+.55.155.0/25
+.55.227.192/26
+.79.197.215/32
 </code>
-</WRAP>
 ----
-==== Check list of Services ====
+===== Get Current List of URLs =====
 <code bash>
-jq -r '.[].serviceArea' aa.txt | sort | uniq > office.txt
+jq -r '.[] | select(.urls) .urls[]' /tmp/office.txt | sort | uniq
 </code>
@@ Line 35: / Line 79: @@
 <code>
-Common
+*.aadrm.com
-Exchange
+account.activedirectory.windowsazure.com
-SharePoint
+account.live.com
-Skype
+account.office.net
+accounts.accesscontrol.windows.net
+accounts.google.com
+acompli.helpshift.com
+*.acompli.net
+activation.sls.microsoft.com
+activity.windows.com
+ad.atdmt.com
+*.adl.windows.com
+admin.microsoft.com
+admin.onedrive.com
+adminwebservice.microsoftonline.com
+ajax.aspnetcdn.com
+ajax.microsoft.com
+aka.ms
+amp.azure.net
+amsglob0cdnstream13.azureedge.net
+amsglob0cdnstream14.azureedge.net
+analytics.localytics.com
+api.dropboxapi.com
+api.localytics.com
+api.login.yahoo.com
+api.meetup.com
+*.api.microsoftstream.com
+api.microsoftstream.com
+api.office.com
+api.passwordreset.microsoftonline.com
+apis.live.net
+app.adjust.com
+app.box.com
+*.appex.bing.com
+*.appex-rf.msn.com
+appsforoffice.microsoft.com
+apps.identrust.com
+*.aria.microsoft.com
+assets.onestore.ms
+*.assets-yammer.com
+attachments.office.net
+auth.gfx.ms
+autodiscover.*.onmicrosoft.com
+autologon.microsoftazuread-sso.com
+*.azure-apim.net
+*.azureedge.net
+*.azurerms.com
+becws.microsoftonline.com
+bit.ly
+*.blob.core.windows.net
+*.broadcast.skype.com
+broadcast.skype.com
+by.uservoice.com
+c1.microsoft.com
+cacerts.digicert.com
+c.bing.com
+c.bing.net
+cdn.forms.office.net
+cdn.odc.officeapps.live.com
+*.cdn.office.net
+*cdn.onenote.net
+cdn.optimizely.com
+cdnprod.myanalytics.microsoft.com
+cdn.sharepointonline.com
+cert.int-x3.letsencrypt.org
+cl2.apple.com
+clientconfig.microsoftonline-p.net
+c.live.com
+*.cloudapp.net
+companymanager.microsoftonline.com
+compass-ssl.microsoft.com
+*.config.office.net
+connect.facebook.net
+contentstorage.osi.office.net
+crl3.digicert.com
+crl4.digicert.com
+crl.globalsign.com
+crl.globalsign.net
+crl.identrust.com
+crl.microsoft.com
+data.flurry.com
+dc.applicationinsights.microsoft.com
+dc.services.visualstudio.com
+d.docs.live.net
+device.login.microsoftonline.com
+dgps.support.microsoft.com
+directory.services.live.com
+docs.live.net
+docs.microsoft.com
+ecn.dev.virtualearth.net
+enterpriseregistration.windows.net
+*.entrust.net
+en-us.appex-rf.msn.com
+eus-www.sway-cdn.com
+eus-www.sway-extensions.com
+*.events.data.microsoft.com
+excelbingmap.firstpartyapps.oaspapps.com
+excelcs.officeapps.live.com
+*-files.sharepoint.com
+firstpartyapps.oaspapps.com
+*.flow.microsoft.com
+foodanddrink.services.appex.bing.com
+forms.microsoft.com
+*.geotrust.com
+g.live.com
+go.microsoft.com
+graph.facebook.com
+graph.microsoft.com
+graph.windows.net
+*.helpshift.com
+*.hip.live.com
+*.hockeyapp.net
+home.office.com
+*.informationprotection.azure.com
+informationprotection.hosting.portal.azure.net
+insertmedia.bing.office.net
+isrg.trustid.ocsp.identrust.com
+*.itunes.apple.com
+*.keydelivery.mediaservices.windows.net
+*.localytics.com
+logincert.microsoftonline.com
+loginex.microsoftonline.com
+login.live.com
+login.microsoft.com
+login.microsoftonline.com
+login.microsoftonline-p.com
+login-us.microsoftonline.com
+login.windows.net
+login.windows-ppe.net
+*.log.optimizely.com
+lpcres.delve.office.com
+*.lync.com
+mail.google.com
+*.mail.protection.outlook.com
+management.azure.com
+*.manage.microsoft.com
+*.manage.office.com
+manage.office.com
+*.media.azure.net
+mem.gfx.ms
+m.facebook.com
+*.microsoft.com
+*.microsoftonline.com
+*.microsoftonline-p.com
+*.microsoftusercontent.com
+mlccdn.blob.core.windows.net
+mlccdnprod.azureedge.net
+mrodevicemgr.officeapps.live.com
+*.msauthimages.net
+*.msauth.net
+mscrl.microsoft.com
+msdn.microsoft.com
+*.msecnd.net
+*.msedge.net
+*.msftauthimages.net
+*.msftauth.net
+*.msftidentity.com
+*.msidentity.com
+*.msocdn.com
+*.mstea.ms
+myanalytics-gcc.microsoft.com
+myanalytics.microsoft.com
+*-myfiles.sharepoint.com
+nexus.microsoftonline-p.com
+nexus.officeapps.live.com
+nexusrules.officeapps.live.com
+*.notification.api.microsoftstream.com
+nps.onyx.azure.net
+o15.officeredir.microsoft.com
+*.o365weve.com
+ocos-office365-s2s.msedge.net
+ocsa.officeapps.live.com
+ocsp2.globalsign.com
+ocsp.digicert.com
+ocsp.globalsign.com
+ocsp.int-x3.letsencrypt.org
+ocsp.msocsp.com
+ocspx.digicert.com
+ocsredir.officeapps.live.com
+ocws.officeapps.live.com
+odc.officeapps.live.com
+odcsm.officeapps.live.com
+office15client.microsoft.com
+*.office365.com
+office365servicehealthcommunications.cloudapp.net
+*.officeapps.live.com
+officeapps.live.com
+officecdn.microsoft.com
+officecdn.microsoft.com.edgesuite.net
+officeclient.microsoft.com
+*.office.com
+*.officeconfig.msocdn.com
+office.live.com
+office.microsoft.com
+*.office.net
+officepreviewredir.microsoft.com
+officeredir.microsoft.com
+officespeech.platform.bing.com
+ols.officeapps.live.com
+omextemplates.content.office.net
+*.omniroot.com
+oneclient.sfx.ms
+*.onenote.com
+*.online.office.com
+*.onmicrosoft.com
+osiprod-cus-daffodil-signalr-00.service.signalr.net
+osiprod-neu-daffodil-signalr-00.service.signalr.net
+osiprod-weu-daffodil-signalr-00.service.signalr.net
+osiprod-wus-daffodil-signalr-00.service.signalr.net
+*.outlook.com
+*.outlookmobile.com
+outlook.office365.com
+*.outlook.office.com
+outlook.office.com
+outlook.uservoice.com
+p100-sandbox.itunes.apple.com
+partnerservices.getmicrosoftkey.com
+passwordreset.microsoftonline.com
+peoplegraph.firstpartyapps.oaspapps.com
+*.phonefactor.net
+platform.linkedin.com
+play.google.com
+policykeyservice.dc.ad.msft.net
+*.portal.cloudappsecurity.com
+portal.microsoftonline.com
+portal.office.com
+*.powerapps.com
+pptcs.officeapps.live.com
+privatecdn.sharepointonline.com
+prod.firstpartyapps.oaspapps.com.akadns.net
+prod.msocdn.com
+*.protection.office.com
+protection.office.com
+*.protection.outlook.com
+provisioningapi.microsoftonline.com
+publiccdn.sharepointonline.com
+*.public-trust.com
+r1.res.office365.com
+r3.res.office365.com
+r3.res.outlook.com
+r4.res.office365.com
+rink.hockeyapp.net
+roaming.officeapps.live.com
+r.office.microsoft.com
+s0.assets-yammer.com
+sas.office.microsoft.com
+sdk.hockeyapp.net
+*.search.production.apac.trafficmanager.net
+*.search.production.emea.trafficmanager.net
+*.search.production.us.trafficmanager.net
+secure.aadcdn.microsoftonline-p.com
+secure.globalsign.com
+secure.meetup.com
+*.secure.skypeassets.com
+*.sfbassets.com
+*.sharepoint.com
+*.sharepointonline.com
+shellprod.msocdn.com
+signup.live.com
+signup.microsoft.com
+*.skype.com
+*.skypeforbusiness.com
+skypemaprdsitus.trafficmanager.net
+smtp.office365.com
+social.yahooapis.com
+spoprod-a.akamaihd.net
+ssw.live.com
+staffhub.ms
+staffhub.uservoice.com
+staffhubweb.azureedge.net
+static.sharepointonline.com
+statics.teams.microsoft.com
+storage.live.com
+*.streaming.mediaservices.windows.net
+suite.office.net
+support.content.office.net
+support.microsoft.com
+support.office.com
+*.svc.ms
+sway.com
+*.symcb.com
+*.symcd.com
+s.ytimg.com
+*.teams.microsoft.com
+teams.microsoft.com
+technet.microsoft.com
+telemetryservice.firstpartyapps.oaspapps.com
+*.tenor.com
+testconnectivity.microsoft.com
+tse1.mm.bing.net
+uci.officeapps.live.com
+*.urlp.sfbassets.com
+*.users.storage.live.com
+*.verisign.com
+*.verisign.net
+videocontent.osi.office.net
+videoplayercdn.osi.office.net
+view.atdmt.com
+*.virtualearth.net
+vortex.data.microsoft.com
+watson.microsoft.com
+watson.telemetry.microsoft.com
+weather.tile.appex.bing.com
+webanalytics.localytics.com
+web.localytics.com
+web.microsoftstream.com
+wikipedia.firstpartyapps.oaspapps.com
+*.wns.windows.com
+wordcs.officeapps.live.com
+workplaceanalytics.cdn.office.net
+workplaceanalytics.office.com
+wus-firstpartyapps.oaspapps.com
+wus-www.sway-cdn.com
+wus-www.sway-extensions.com
+www.acompli.com
+www.bing.com
+www.digicert.com
+www.dropbox.com
+www.evernote.com
+www.google-analytics.com
+www.googleapis.com
+www.microsoft.com
+www.office.com
+www.onedrive.com
+www.outlook.com
+www.sway.com
+www.youtube.com
+*.yammer.com
+*.yammerusercontent.com
 </code>
 ----
-==== Get IPs for the Specific Service ====
+===== Get Current List of TCP Ports =====
-Assuming IPs for the Exchange is needed.
 <code bash>
-jq -r '.[] | select(.serviceArea=="Exchange") | select(.ips) .ips[]' aa.txt | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n | uniq > aa6.txt
+jq -r '.[] | .tcpPorts' office.txt  | sed 's/,/\n/'g | sort | uniq
 </code>
-**NOTE:**  Other queries that can be used include:
+returns:
-<code bash>
-jq -r '.[] | select(.serviceArea=="Exchange") | select(.ips) .ips[]' aa.txt  > office.txt
-jq -r '.[] | select(.serviceArea=="Exchange") | select(.ips) .ips[]' aa.txt | sort | uniq > office.txt
-</code>
-----
-==== Ports ====
-For chat:
-  * http (80)
-  * https (443)
-  * udp/3478-3481
-----
-===== Domain list =====
 <code>
-office.com
-office365.com
-office.net
-onedrive.com
-sharepoint.com
-optimizely.com
-microsoftonline.com
-production.us.trafficmanager.net
+null
-microsoft.com
-live.com
-oneclient.sfx.ms
-sharepointonline.com
-spoprod-a.akamaihd.net
-prod.msocdn.com
-svc.ms
-lync.com
-broadcast.skype.com
-skypeforbusiness.com
-sfbassets.com
-skypemaprdsitus.trafficmanager.net
-windows.net
-msecnd.net
-aspnetcdn.com
-live.net
-aka.ms
-azure.net
-windows.com
-windows.net
-msedge.net
-mstea.ms
-skypeassets.com
-azureedge.net
-tenor.com
-microsoftstream.com
-assets-yammer.com
-azureedge.net
-onenote.com
-onenote.net
-aspnetcdn.com
-optimizely.com
-msappproxy.net
-msftidentity.com
-msidentity.com
-windowsazure.com
-microsoftazuread-sso.com
-microsoftonline-p.net
-msauth.net
-msauthimages.net
-msftauth.net
-msftauthimages.net
-phonefactor.net
-visualstudio.com
-cloudapp.net
-staffhub.ms
-gfx.ms
-appex.bing.com
-appex-rf.msn.com
-getmicrosoftkey.com
-atdmt.com
-yammer.com
-yammerusercontent.com
-sway-cdn.com
-sway-extensions.com
-sway.com
 </code>
 <WRAP info>
-**NOTE:**  Top level domains use used instead of multiple subdomains.
+**NOTE:**  An alternative command:
-For example, excel.officeapps.microsoft.com, word.officeapps.microsoft.com are abbreviated to just officapps.microsoft.com.
+<code bash>
+jq -r '.[] | .tcpPorts' office.txt | sort | uniq
-Amend if needed.
+</code>
 </WRAP>
@@ Line 152: / Line 442: @@
 ----
-==== IP Ranges ====
+===== Get Current List of UDP Ports =====
-Includes local subnets if not present already.
+<code bash>
+jq -r '.[] | .udpPorts' office.txt  | sed 's/,/\n/'g | sort | uniq
+</code>
+returns:
 <code>
-.146.128.0/17
-.42.230.91
-.44.218.128/25
-.44.254.128/25
-.44.255.0/25
+null
-.47.0.0/17
-.91.91.243
-.106.4.128/25
-.106.56.0/25
-.107.128.0/22
-.107.136.0/22
-.107.140.6
-.107.18.10/31
-.107.6.152/31
-.107.6.156/31
-.107.6.171
-.107.7.190/31
-.107.9.155/31
-.80.125.22
-.253.33.215
-.245.0.0/16
-.170.172.128/25
-.170.67.0/25
-.171.32.0/22
-.171.40.0/22
-.55.130.0/25
-.55.145.0/25
-.55.155.0/25
-.55.227.192/26
-.55.45.128/25
-.232.2.128/25
-.234.140.0/22
-.190.128.0/18
-.79.197.215
-.103.160.0/20
-.96.0.0/13
-.104.0.0/15
-.107.0.0/16
-.108.128.0/17
-.126.0.0/18
-.81.156.154
-.92.0.0/15
-.90.218.198
-.108.0.0/14
-.100.0.0/14
-.104.0.0/14
-.174.56.180
-.183.75.62
-.184.165.82
-.238.106.116
-.238.78.88
-.247.150.191
-.96.0.0/14
-.54.170.128/25
 </code>
-----
+<WRAP info>
+**NOTE:**  An alternative command:
-For the Teams app, these additional IP ranges are needed:
+<code bash>
+jq -r '.[] | .udpPorts' office.txt | sort | uniq
-<code>
-.107.64.0/18
-.112.0.0/14
-.120.0.0/14
 </code>
+</WRAP>
 ----
@@ Line 228: / Line 472: @@
 https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
+https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-worldwide
 https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/network-requirements/ports-and-protocols
+https://www.guidgenerator.com/
+https://community.sophos.com/xg-firewall/f/discussions/87958/office365-activation-failed