MS O365 ip address range

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

MS O365 ip address range

L4 Transporter

Hi

 

Any one know if PA have a dynmic range that covers MS ip address range.

 

Seems like the sort of thing that would be easy to implement and would save me a lot of time.

A

2 accepted solutions

Accepted Solutions

@Alex_Samad,

Highly recommend spinning up MineMeld and simply using that to find the Office 365 addresses as it allow you to do a number of other EDL list mining to form usefull EDLs that can be utilized throughout the firewall. 

View solution in original post

L7 Applicator

Use Minemeld! You'll see that it will be useful in quite a few other situations than simply for o365.

 

(Or vote for FR ID 9113 and wait for the implementation)

View solution in original post

7 REPLIES 7

Cyber Elite
Cyber Elite

hi @Alex_Samad

 

There are only dynamic lists for malicious IPs provided by Palo Alto Networks, but you can easily get external dynamic lists and import them through an EDL object

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

I do not have an instance to test, but you can create an O365 list in minemeld:

 

https://live.paloaltonetworks.com/t5/MineMeld-Articles/How-to-Safely-Enable-access-to-Office-365-usi...

 

In the past I have used the API and a powershell script to pull the list from Microsoft and create a dynamic address list from that, here are a few articles to point you in the right general direction:

https://support.office.com/en-us/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-ab...

https://gallery.technet.microsoft.com/office/Get-Office-365-IP-v4-562987d5

 

A smiliar strategy could be used to dump the list to an EDL if you have somewhere available to host it.

@Alex_Samad,

Highly recommend spinning up MineMeld and simply using that to find the Office 365 addresses as it allow you to do a number of other EDL list mining to form usefull EDLs that can be utilized throughout the firewall. 

L7 Applicator

Use Minemeld! You'll see that it will be useful in quite a few other situations than simply for o365.

 

(Or vote for FR ID 9113 and wait for the implementation)

L4 Transporter

minefield seems to be the way forward.

 

Had a chat with my SE on this and the fuel user group pointed to this

 

I thought I'd comment for anyone reading this who doesn't have the systems to implement Mindmeld, and is looking for an on-prem Windows solution.

 

Microsoft has a powershell method of getting the latest o365 IP Addresses into a text file. You can then host that file on an IIS server, script Powershell to keep it up to date and point a PAN EBL at this file.  Works great.  One catch, the Microsoft Powershell script puts CR-LF at the end of each line and apparently EBL can only handle LF.  So you'll need to edit the powershell script and add this line after the out-file statement:   (Get-Content $datapath -Raw).Replace("`r`n","`n") | Set-Content $datapath -Force   

 

That will replace the CRLF with just LF.

 

Script from MS is here https://docs.microsoft.com/en-gb/Office365/Enterprise/office-365-ip-web-service#example-powershell-s...

 

I posted a Linux scripted solution a few weeks back in response to another query on he EDLs.

 

We briefly looked at mindmeld.

  • 2 accepted solutions
  • 8703 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!