Office 365 IP Addresses and URLs

With Office 365 growing as well as Microsoft Data Centers deploying into more countries, the network range is expanding with IPv4, IPv6 etc. The umbrella is becoming larger and how do you keep up to date with what is use currently. Microsoft has launched a document which allows you now run a Restful API query and will give you information back in a JSON format. This has been done so it will be easy to import into your firewall. So security reason, your ANY to ANY rules needs to be looked as Malware, Ransomeware looks for open ports exploits.

Office 365 IP Ranges When you reach the landing page, click on “Web Services”. You have 3 options. You can also go direct to the Office 365 IP Web Services. These are articles will deep dive and understand how and why it is important to know what URL’s and Ranges are in use and locking down your network to be safe. “Prevention is better a cure”

When you run the above in a web browser, your response (mines currently at this time) shows:

[

  {

    “instance”: “Worldwide”,

    “latest”: “2019093000”

  },

  {

    “instance”: “USGovDoD”,

    “latest”: “2019093000”

  },

  {

    “instance”: “USGovGCCHigh”,

    “latest”: “2019093000”

  },

  {

    “instance”: “China”,

    “latest”: “2019093000”

  },

  {

    “instance”: “Germany”,

    “latest”: “2019093000”

  }

]

These are the version currently running in the various countries and Data Centers.

When you run the above in a web browser, your response (mines currently at this time) however, there is too many in this request to show:

[
  {
    "id": 1,
    "serviceArea": "Exchange",
    "serviceAreaDisplayName": "Exchange Online",
    "urls": [
      "outlook.office.com",
      "outlook.office365.com"
    ],
    "ips": [
      "13.107.6.152/31",
      "13.107.18.10/31",
      "13.107.128.0/22",
      "23.103.160.0/20",
      "40.96.0.0/13",
      "40.104.0.0/15",
      "52.96.0.0/14",
      "131.253.33.215/32",
      "132.245.0.0/16",
      "150.171.32.0/22",
      "191.234.140.0/22",
      "204.79.197.215/32",
      "2603:1006::/40",
      "2603:1016::/40",
      "2603:1026::/40",
      "2603:1026:200::/39",
      "2603:1026:400::/39",
      "2603:1026:600::/44",
      "2603:1026:620::/44",
      "2603:1026:800::/44",
      "2603:1026:820::/45",
      "2603:1036::/39",
      "2603:1036:200::/40",
      "2603:1036:400::/40",
      "2603:1036:600::/40",
      "2603:1036:800::/38",
      "2603:1036:c00::/40",
      "2603:1046::/37",
      "2603:1046:900::/40",
      "2603:1056::/40",
      "2603:1056:400::/40",
      "2603:1056:600::/40",
      "2603:1096::/38",
      "2603:1096:400::/40",
      "2603:1096:600::/40",
      "2603:1096:a00::/39",
      "2603:1096:c00::/40",
      "2603:10a6:200::/40",
      "2603:10a6:400::/40",
      "2603:10a6:600::/40",
      "2603:10a6:800::/40",
      "2603:10d6:200::/40",
      "2620:1ec:4::152/128",
      "2620:1ec:4::153/128",
      "2620:1ec:c::10/128",
      "2620:1ec:c::11/128",
      "2620:1ec:d::10/128",
      "2620:1ec:d::11/128",
      "2620:1ec:8f0::/46",
      "2620:1ec:900::/46",
      "2620:1ec:a92::152/128",
      "2620:1ec:a92::153/128",
      "2a01:111:f400::/48"
    ],
    "tcpPorts": "80,443",
    "expressRoute": true,
    "category": "Optimize",
    "required": true
  },
  {
    "id": 2,
    "serviceArea": "Exchange",
    "serviceAreaDisplayName": "Exchange Online",
    "urls": [
      "smtp.office365.com"
    ],
    "ips": [
      "13.107.6.152/31",
      "13.107.18.10/31",
      "13.107.128.0/22",
      "23.103.160.0/20",
      "40.96.0.0/13",
      "40.104.0.0/15",
      "52.96.0.0/14",
      "131.253.33.215/32",
      "132.245.0.0/16",
      "150.171.32.0/22",
      "191.234.140.0/22",
      "204.79.197.215/32",
      "2603:1006::/40",
      "2603:1016::/40",
      "2603:1026::/40",
      "2603:1026:200::/39",
      "2603:1026:400::/39",
      "2603:1026:600::/44",
      "2603:1026:620::/44",
      "2603:1026:800::/44",
      "2603:1026:820::/45",
      "2603:1036::/39",
      "2603:1036:200::/40",
      "2603:1036:400::/40",
      "2603:1036:600::/40",
      "2603:1036:800::/38",
      "2603:1036:c00::/40",
      "2603:1046::/37",
      "2603:1046:900::/40",
      "2603:1056::/40",
      "2603:1056:400::/40",
      "2603:1056:600::/40",
      "2603:1096::/38",
      "2603:1096:400::/40",
      "2603:1096:600::/40",
      "2603:1096:a00::/39",
      "2603:1096:c00::/40",
      "2603:10a6:200::/40",
      "2603:10a6:400::/40",
      "2603:10a6:600::/40",
      "2603:10a6:800::/40",
      "2603:10d6:200::/40",
      "2620:1ec:4::152/128",
      "2620:1ec:4::153/128",
      "2620:1ec:c::10/128",
      "2620:1ec:c::11/128",
      "2620:1ec:d::10/128",
      "2620:1ec:d::11/128",
      "2620:1ec:8f0::/46",
      "2620:1ec:900::/46",
      "2620:1ec:a92::152/128",
      "2620:1ec:a92::153/128",
      "2a01:111:f400::/48"
    ],

 –more—

This shows when the services was first launched:

[
  {
    "id": 1,
    "endpointSetId": 71,
    "disposition": "Change",
    "version": "2018072800",
    "add": {
      "effectiveDate": "20180719",
      "ips": [
        "2603:1020:600::1d3/128",
        "2603:1020:700::1cb/128"
      ]
    }
  },
  {
    "id": 2,
    "endpointSetId": 5,
    "disposition": "Change",
    "version": "2018072800",
    "add": {
      "effectiveDate": "20180724",
      "ips": [
        "2603:1026:600::/44",
        "2603:1026:620::/44",
        "2603:1026:800::/44",
        "2603:1026:820::/45"
      ]
    },
    "remove": {
      "ips": [
        "2603:1026:600::/40",
        "2603:1026:800::/40"
      ]
    }
  },
  {
    "id": 3,
    "endpointSetId": 9,
    "disposition": "Change",
    "version": "2018072800",
    "remove": {
      "ips": [
        "23.103.144.0/20",
        "23.103.212.0/22",
        "40.107.128.0/18"

Reaching out to all Exchange / Office 365 admins and Network engineers…… ensure that these are updated correctly on your firewall and locked down any unused ports. It may sound like a lot but definitely better then have your data at Ransom.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.