Wiki

User Tools

Site Tools

Trace: get_microsoft_urls_ip_addresses_and_ports
blocklists:microsoft:get_microsoft_urls_ip_addresses_and_ports

Table of Contents

Blocklists - Microsoft - Get Microsoft URLs, IP addresses and Ports

Microsoft updates the Office 365 IP address and FQDN entries at the end of each month.

Out-of-band updates are sometimes published due to support incidents, security updates or other operational requirements.

Create a GUID

Microsoft require a GUID to download the list of current URLs and IPs.

By default, Microsoft uses the following UUID, b10c5ed1-bad1-445f-b386-b919946339a7, as an example, but this specific UUID may be disallowed in future, so it is recommended to use an alternative UUID. 

uuidgen

returns: 

948beb0b-32bb-4e1c-a67d-091c861a0cc6

NOTE: There are alternative ways to create a UUID.

Download the endpoints file

curl https://endpoints.office.com/endpoints/worldwide?clientrequestid=948beb0b-32bb-4e1c-a67d-091c861a0cc6 > office.txt

returns: 

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 56888  100 56888    0     0  76053      0 --:--:-- --:--:-- --:--:-- 75951

NOTE: This will download the file in JSON format.

  • CSV format is also available by adding &format=CSV.
  • For example 
    curl "https://endpoints.office.com/endpoints/worldwide?noipv6&format=CSV&ClientRequestId=948beb0b-32bb-4e1c-a67d-091c861a0cc6" > office2.txt

The actual Data columns in the file:

  • ID: The ID number of the row, also known as an endpoint set.
  • Category: Shows whether the endpoint set is categorized as “Optimize”, “Allow”, or “Default”.
  • ER: This is Yes if the endpoint set is supported over Azure ExpressRoute with Office 365 route prefixes.
  • Addresses: Lists the FQDNs or wildcard domain names and IP Address ranges for the endpoint set.
    • An IP Address range is in CIDR format and may include many individual IP Addresses in the specified network.
  • Ports: Lists the TCP or UDP ports that are combined with the Addresses to form the network endpoint.
    • There may be some duplication in IP Address ranges where there are different ports listed.

Alternative Options to used with the curl command, including:

  • ServiceAreas=<Common | Exchange | SharePoint | Skype>
  • NoIPv6=<true | false>
  • Instance=<Worldwide | China | Germany | USGovDoD | USGovGCCHigh>

For example:

  • To exclude IPv6, use this: 
    curl "https://endpoints.office.com/endpoints/worldwide?noipv6&ClientRequestId=948beb0b-32bb-4e1c-a67d-091c861a0cc6" > office.txt
  • To download only for the Skype service, in CSV format: 
    curl "https://endpoints.office.com/endpoints/worldwide?ServiceAreas=Skype&noipv6&format=CSV&ClientRequestId=948beb0b-32bb-4e1c-a67d-091c861a0cc6" > office.txt
  • To download only the China instance: 
    curl "https://endpoints.office.com/endpoints/China?noipv6&format=CSV&ClientRequestId=948beb0b-32bb-4e1c-a67d-091c861a0cc6" > office.txt

The UUID created earlier is used with the curl commands.

  • The default UUID provided by Microsoft, b10c5ed1-bad1-445f-b386-b919946339a7, could also be used.

See https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

Check list of Services

jq -r '.[].serviceArea' office.txt | sort | uniq

returns: 

Common
Exchange
SharePoint
Skype

NOTE: The Skype service includes Microsoft Teams.

Because Common service area items are a prerequisite for all other service areas, the web service always includes them.

Get IPs for the Specific Service

Assuming IPs for the Exchange Service is needed. 

jq -r '.[] | select(.serviceArea=="Exchange") | select(.ips) .ips[]' office.txt | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n | uniq

returns: 

13.107.6.152/31
13.107.18.10/31
13.107.128.0/22
23.103.160.0/20
40.92.0.0/15
40.96.0.0/13
40.104.0.0/15
40.107.0.0/16
52.96.0.0/14
52.100.0.0/14
52.238.78.88/32
104.47.0.0/17
131.253.33.215/32
132.245.0.0/16
150.171.32.0/22
204.79.197.215/32

NOTE: The following query could be used, but be aware that this may sometimes drop some IPs. See Numeric Sort Bug. 

jq -r '.[] | select(.serviceArea=="Exchange") | select(.ips) .ips[]' office.txt | sort | uniq

Get Current List of URLs

jq -r '.[] | select(.serviceArea=="Exchange") | select(.urls) .urls[]' office.txt | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n | uniq

returns:

Get Current List of Ports

jq -r '.[] | select(.serviceArea=="Exchange") | .tcpPorts' office.txt | sort | uniq

or 

jq -r '.[] | select(.serviceArea=="Exchange") | .tcpPorts' office.txt  | sed 's/,/\n/'g | sort | uniq

References

https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-network-connectivity-principles?view=o365-worldwide#new-office-365-endpoint-categories

blocklists/microsoft/get_microsoft_urls_ip_addresses_and_ports.txt · Last modified: 2021/02/07 18:59 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki