Office 365 in Whitelisted environment

What is WatchGuard Best Practice for allowing Office 365 services in whitelisted environments?

Although https://docs.microsoft.com/en-gb/office365/enterprise/office-365-ip-web-service has a list of FQDNs and IPs, Microsoft has https://docs.microsoft.com/en-gb/office365/enterprise/office-365-ip-web-service for keeping them up to date.

I really don't want to have to manually keep a list up to date or have to code something up that pulls down data from that service and updates our WatchGuard units via SSH or something.

M500 and M370 (12.4.1)

Comments

  • Hi Staj, have you run the exchange connectivity tests from this page ?
    https://testconnectivity.microsoft.com/
    Microsoft Office Outlook Connectivity Tests -> Outlook Connectivity
    I would be interested in the 'best practices', if any. I am about to migrate on-prem exchange to o365 and currently having an error on this test site regarding pinging the MAPI endpoint (and in other areas actually). I'm not overly concerned as I can add account on mobiles from external however would like to avoid any potential issues down the track.

  • James_CarsonJames_Carson WatchGuard Representative

    Hi @Staj

    Depending on how you're intending to make exceptions, we can already do this.

    In your HTTPS proxy action, there is a list of predefined exceptions that can be made. Office 365 and other services are available on this list. Excepting it from content inspection will generally get around any webblocker type blocks that were done with inspection on.

    (HTTPS-Proxy: Content Inspection)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/https/https_proxy_contentinspection_c.html

    If you've whitelisted by policy IPs/FQDNs, this will have to be done manually

    Thank you,

    -James Carson
    WatchGuard Customer Support

Sign In to comment.