MS O365 ip address range

Reply
Highlighted
L4 Transporter

MS O365 ip address range

Hi

 

Any one know if PA have a dynmic range that covers MS ip address range.

 

Seems like the sort of thing that would be easy to implement and would save me a lot of time.

A


Accepted Solutions
Highlighted
L7 Applicator

Re: MS O365 ip address range

@Alex_Samad,

Highly recommend spinning up MineMeld and simply using that to find the Office 365 addresses as it allow you to do a number of other EDL list mining to form usefull EDLs that can be utilized throughout the firewall. 

View solution in original post

Highlighted
L7 Applicator

Re: MS O365 ip address range

Use Minemeld! You'll see that it will be useful in quite a few other situations than simply for o365.

 

(Or vote for FR ID 9113 and wait for the implementation)

View solution in original post


All Replies
Highlighted
L7 Applicator

Re: MS O365 ip address range

hi @Alex_Samad

 

There are only dynamic lists for malicious IPs provided by Palo Alto Networks, but you can easily get external dynamic lists and import them through an EDL object

Highlighted
L4 Transporter

Re: MS O365 ip address range

I do not have an instance to test, but you can create an O365 list in minemeld:

 

https://live.paloaltonetworks.com/t5/MineMeld-Articles/How-to-Safely-Enable-access-to-Office-365-usi...

 

In the past I have used the API and a powershell script to pull the list from Microsoft and create a dynamic address list from that, here are a few articles to point you in the right general direction:

https://support.office.com/en-us/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-ab...

https://gallery.technet.microsoft.com/office/Get-Office-365-IP-v4-562987d5

 

A smiliar strategy could be used to dump the list to an EDL if you have somewhere available to host it.

Highlighted
L7 Applicator

Re: MS O365 ip address range

@Alex_Samad,

Highly recommend spinning up MineMeld and simply using that to find the Office 365 addresses as it allow you to do a number of other EDL list mining to form usefull EDLs that can be utilized throughout the firewall. 

View solution in original post

Highlighted
L7 Applicator

Re: MS O365 ip address range

Use Minemeld! You'll see that it will be useful in quite a few other situations than simply for o365.

 

(Or vote for FR ID 9113 and wait for the implementation)

View solution in original post

Highlighted
L4 Transporter

Re: MS O365 ip address range

minefield seems to be the way forward.

 

Had a chat with my SE on this and the fuel user group pointed to this

 

Highlighted
L3 Networker

Re: MS O365 ip address range

I thought I'd comment for anyone reading this who doesn't have the systems to implement Mindmeld, and is looking for an on-prem Windows solution.

 

Microsoft has a powershell method of getting the latest o365 IP Addresses into a text file. You can then host that file on an IIS server, script Powershell to keep it up to date and point a PAN EBL at this file.  Works great.  One catch, the Microsoft Powershell script puts CR-LF at the end of each line and apparently EBL can only handle LF.  So you'll need to edit the powershell script and add this line after the out-file statement:   (Get-Content $datapath -Raw).Replace("`r`n","`n") | Set-Content $datapath -Force   

 

That will replace the CRLF with just LF.

 

Script from MS is here https://docs.microsoft.com/en-gb/Office365/Enterprise/office-365-ip-web-service#example-powershell-s...

 

Highlighted
L4 Transporter

Re: MS O365 ip address range

I posted a Linux scripted solution a few weeks back in response to another query on he EDLs.

 

We briefly looked at mindmeld.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!