question

TaranjeetMalik-9369 avatar image
0 Votes"
TaranjeetMalik-9369 asked SaiKishor-MSFT answered

Azure Firewall Exceptions for O365 and Defender

Hi

We have deployed Azure Firewall in a hub-spoke topology where the spoke is hosting Azure Virtual Desktop (AVD) session hosts.

I’ve gone through this this article for guidance on how to allow some of the basic Azure infra services (DNS, Health Monitoring, NTP, and KMS etc.)--> https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop


However, it’s not clear on how to create rule exceptions for O365, MS Teams, and Defender. There’s a huge list of URLs and IP listed here for example--> https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-worldwide

Also, as the list changes often, would like to know how ppl. manage to keep the firewall rules up to date?

We’re seeing the following errors reported on virtual desktop sessions because of the missing rules / exceptions:

158211-defender-protection-updated-failed.gif

158212-ms-teams-connectivity-issue.gif



Thanks
Taranjeet Singh

azure-firewallazure-firewall-manager
defender-protection-updated-failed.gif (88.9 KiB)
ms-teams-connectivity-issue.gif (423.6 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SaiKishor-MSFT avatar image
0 Votes"
SaiKishor-MSFT answered

@TaranjeetMalik-9369 Thank you for reaching out to Microsoft Q&a. I understand that you want to know how to create rule exceptions for O365, MS Teams, and Defender and also want to keep the firewall rules up to date.

Here is a list of IPs for Office 365 URLs and IP address ranges. This list also includes Skype for Business Online and Microsoft Teams IPs.
To manage access to O365 via the firewall, please refer to the Change Management for O365 IP addresses and URLs website. Changes to the Office 365 IP addresses and URLs are usually published near the last day of each month. Sometimes a change will be published outside of that schedule due to operational, support, or security requirements. Therefore, you can opt for one of the Change Management methods mentioned in the above document to get change notifications regarding the same.

Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.


5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.