Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
This article is based on a discussion, Dynamically update Microsoft Office URLs and IPs , posted by @Benzito and answered by @PavelK, @BPry and @Adrian_Jensen. Read on to see the discussion and solution!
Does anyone have any suggestions to dynamically update Microsoft Office 365 (including Sharepoint and Teams) URLs and IPs? Having to update a list of IPs and URLs is impractical and time consuming. Microsoft keeps updating their backend infrastructure through various CDNs, and having to update this has been time-consuming and tedious. How are other users managing this? With MineMeld "deprecated" to GitHub, is there a better option than MineMeld or is that still the best option?
Palo Alto Networks has hosted EDL for this purpose: EDL Hosting Service Helps to Safely Enable Microsoft 365
It is automatically updated without manual intervention.
Is there a way to add an EDL list to the GlobalProtect client gateway config for split tunneling IPs? I can add static/FQDN address objects and address groups to the tplit tunnel access route include/exclude lists, but the EDL objects do not come up. Likewise I can't add an EDL object to an address group either.
There's currently not a way to use an EDL for either purpose. Microsoft actually already publishes optimization URLs and IPs that you can use that account for the majority of 365 traffic. Implementing VPN split tunneling for Microsoft 365 is really all you should need in this regard. Microsoft makes a point to keep these the same so you don't have to always be on the lookup to keep them updated.
