While Smoothwall has Office 365 in our blocklist as a category for policy usage, the IP address ranges and domains are not available for easy inclusion into exception settings. The list is available from Microsoft, but needs some work before it can be used so here is a list we sometimes use when Office 365 access needs to bypass the proxy.
Disclaimer: This list current at this date but may change. In the domain list we have often used top level domains instead of multiple subdomains e.g. excel.officeapps.microsoft.com, word.officeapps.microsoft.com was abbreviated to just officapps.microsoft.com. If more granular approach is needed, please amend.
Instructions and background
The domains go into proxy exceptions when using proxy settings on clients. They can be pasted directly into the exception list on the web proxy - web proxy - automatic configuration page for inclusion into the proxy.pac and wpad.dat file that the Smoothwall serve.
The IP addresses are added in the transparent destination exceptions field in Guardian - web filter - exceptions.
It is normally not needed to add the IP ranges to the proxy exceptions on the client. As a rule, applications that honour proxy settings generally use hostnames as destinations. Applications that use IP addresses as destinations will generally not honour proxy settings. Not a hard and fast rule, just our experience.
If proxy settings are not used, just add the IP addresses to the transparent destination exceptions.
Domains in client proxy exceptions and IP addresses in Guardian transparent proxy exceptions will minimize Office 365 traffic being sent via or intercepted by the proxy.
Domain list
office.com
office365.com
office.net
onedrive.com
sharepoint.com
optimizely.com
microsoftonline.com
production.us.trafficmanager.net
microsoft.com
live.com
oneclient.sfx.ms
sharepointonline.com
spoprod-a.akamaihd.net
prod.msocdn.com
svc.ms
lync.com
broadcast.skype.com
skypeforbusiness.com
sfbassets.com
skypemaprdsitus.trafficmanager.net
windows.net
msecnd.net
aspnetcdn.com
live.net
aka.ms
azure.net
windows.com
windows.net
msedge.net
mstea.ms
skypeassets.com
azureedge.net
tenor.com
microsoftstream.com
assets-yammer.com
azureedge.net
onenote.com
onenote.net
aspnetcdn.com
optimizely.com
msappproxy.net
msftidentity.com
msidentity.com
windowsazure.com
microsoftazuread-sso.com
microsoftonline-p.net
msauth.net
msauthimages.net
msftauth.net
msftauthimages.net
phonefactor.net
visualstudio.com
cloudapp.net
staffhub.ms
gfx.ms
appex.bing.com
appex-rf.msn.com
getmicrosoftkey.com
atdmt.com
yammer.com
yammerusercontent.com
sway-cdn.com
sway-extensions.com
sway.com
IP Ranges list (include local subnets if not present already)
104.146.128.0/17
104.42.230.91
104.44.218.128/25
104.44.254.128/25
104.44.255.0/25
104.47.0.0/17
13.91.91.243
13.106.4.128/25
13.106.56.0/25
13.107.128.0/22
13.107.136.0/22
13.107.140.6
13.107.18.10/31
13.107.6.152/31
13.107.6.156/31
13.107.6.171
13.107.7.190/31
13.107.9.155/31
13.80.125.22
131.253.33.215
132.245.0.0/16
134.170.172.128/25
134.170.67.0/25
150.171.32.0/22
150.171.40.0/22
157.55.130.0/25
157.55.145.0/25
157.55.155.0/25
157.55.227.192/26
157.55.45.128/25
191.232.2.128/25
191.234.140.0/22
20.190.128.0/18
204.79.197.215
23.103.160.0/20
40.96.0.0/13
40.104.0.0/15
40.107.0.0/16
40.108.128.0/17
40.126.0.0/18
40.81.156.154
40.92.0.0/15
40.90.218.198
52.108.0.0/14
52.100.0.0/14
52.104.0.0/14
52.174.56.180
52.183.75.62
52.184.165.82
52.238.106.116
52.238.78.88
52.247.150.191
52.96.0.0/14
65.54.170.128/25
For the Teams app, these additional IP ranges are needed.
13.107.64.0/18
52.112.0.0/14
52.120.0.0/14