Bypassing Office 365

By Microsoft's own admission, Office 365 can be problematic when trying to access Office 365 services through Filtering Software/Proxies. For this, they have a provided a list of URLs/IPs that need to be bypassed in order for the services to work correctly. This list can be found at https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US

If you're looking for instructions on how to configure Office 365 with Email Security, see this article.

As there are hundreds of URLs needing to be bypassed, we have also provided a condensed list in a USS friendly format. The URLs below act as wildcards, so will bypass entire domains, and not the exact subdomains provided by Microsoft. You can use this at your own discretion, but it offers a far smaller list for you to work with and with the same effectiveness of the list provided by Microsoft.

Newer Cloud USS accounts will have a number of System-level Bypasses provided by default, including Bypasses for Office 365. The manual configuration detailed below is only necessary for older accounts, which do not have these System-level Bypasses.

To begin, visit your USS Dashboard and click ProductsWeb SecurityBypass. Click to create a new Category. Give it a sensible name, like "Office 365".

For each of the URLs in the list below, click to add a new Pattern to the Category you just created. Set the Bypass Type to "Bypass Destination Domain Completely", and set the Pattern to the URL.

You'll need to add each URL in this list as a separate Pattern. Make sure you add each of them under the same Category ("Office 365").
office365.com
cloudappsecurity.com
onmicrosoft.com
office.net
office.com
microsoft.com
microsoftonline.com
live.com
azure.net
gfx.ms
onestore.ms
msecnd.net
outlookgroups.ms
linkedin.com
msocdn.com
live.net

Microsoft lists the following URLs as optional:

cloudapp.net
windows.net
helpshift.com
localytics.com
facebook.net
oaspapps.com
uservoice.com
akadns.net
hockeyapp.net
windowsazure.com
visualstudio.net
sharepointonline.com
staffhub.ms
azureedge.net
onedrive.com

Once you've added all of these Bypasses, they need to be enabled. Click Web SecurityAgent Configuration, and choose a Configuration Profile. Click Bypass Categories and enable all of the Bypasses you created above. Finally, click .

You can propagate these changes instantly by logging into your USS Gateway, navigating to System then click the Update Config button. On USS Agent, you can do this by right-clicking the USS Agent icon and hitting Update Config.


How did we do?