Updates from: 02/06/2024 07:37:23
Category Microsoft Docs article Related commit history on GitHub Change details
includes Copilot Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/copilot/includes/copilot-content-updates.md
+## Week of January 29, 2024
++
+| Published On |Topic title | Change |
+|||--|
+| 2/2/2024 | [Microsoft Copilot for Microsoft 365 requirements](/microsoft-365-copilot/microsoft-365-copilot-requirements) | modified |
++ ## Week of January 22, 2024
enterprise Additional Office365 Ip Addresses And Urls https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/additional-office365-ip-addresses-and-urls.md
Title: Other endpoints not included in the Office 365 IP Address and URL Web service
+ Title: Other endpoints not included in the Microsoft 365 IP Address and URL Web service
Previously updated : 08/30/2023 Last updated : 01/31/2024 audience: Admin
- scotvorg - Ent_O365 - Strat_O365_Enterprise
+- must-keep
f1.keywords: - CSH
description: "Summary: The new endpoint Web service doesn't include a few endpoi
hideEdit: true
-# Other endpoints not included in the Office 365 IP Address and URL Web service
+# Other endpoints not included in the Microsoft 365 IP Address and URL Web service
-Some network endpoints were previously published and haven't been included in the [Office 365 IP Address and URL Web Service](microsoft-365-ip-web-service.md). The web service publishes network endpoints that are required for Office 365 connectivity across an enterprise perimeter network. This scope currently doesn't include:
+Some network endpoints were previously published and haven't been included in the [Microsoft 365 IP Address and URL Web Service](microsoft-365-ip-web-service.md). The web service publishes network endpoints that are required for Microsoft 365 connectivity across an enterprise perimeter network. This scope currently doesn't include:
1. Network connectivity that may be required from a Microsoft datacenter to a customer network (inbound hybrid server network traffic). 2. Network connectivity from servers on a customer network across the enterprise perimeter (outbound server network traffic).
Apart from DNS, these instances are all optional for most customers unless you n
|Row|Purpose|Destination|Type| ||||| |1|**[Import Service](https://support.office.com/article/use-network-upload-to-import-your-organization-pst-files-to-office-365-103f940c-0468-4e1a-b527-cc8ad13a5ea6) for PST and file ingestion**|Refer to the [Import Service](https://support.office.com/article/use-network-upload-to-import-your-organization-pst-files-to-office-365-103f940c-0468-4e1a-b527-cc8ad13a5ea6) for more requirements.|Uncommon outbound scenario|
-|2|**[Microsoft Support and Recovery Assistant for Office 365](https://diagnostics.office.com/#/)**|`https://autodiscover.outlook.com` <br> <https://officecdn.microsoft.com> <br> <https://api.diagnostics.office.com> <br> `https://apibasic.diagnostics.office.com` <br> <https://autodiscover-s.outlook.com> <br> `https://cloudcheckenabler.azurewebsites.net` <br> <https://login.live.com> <br> <https://login.microsoftonline.com> <br> <https://login.windows.net> <br> <https://o365diagtelemetry.trafficmanager.net> <br> <https://odc.officeapps.live.com> <br> <https://offcatedge.azureedge.net> <br> <https://officeapps.live.com> <br> <https://outlook.office365.com> <br> <https://outlookdiagnostics.azureedge.net> <br> <https://sara.api.support.microsoft.com> |Outbound server traffic|
+|2|**[Microsoft Support and Recovery Assistant for Office 365](https://diagnostics.office.com/#/)**|`https://autodiscover.outlook.com` <br> `https://officecdn.microsoft.com` <br> `https://api.diagnostics.office.com` <br> `https://apibasic.diagnostics.office.com` <br> `https://autodiscover-s.outlook.com` <br> `https://cloudcheckenabler.azurewebsites.net` <br> `https://login.live.com` <br> `https://login.microsoftonline.com` <br> `https://login.windows.net` <br> `https://o365diagtelemetry.trafficmanager.net` <br> `https://odc.officeapps.live.com` <br> `https://offcatedge.azureedge.net` <br> `https://officeapps.live.com` <br> `https://outlook.office365.com` <br> `https://outlookdiagnostics.azureedge.net` <br> `https://sara.api.support.microsoft.com` |Outbound server traffic|
|3|**Microsoft Entra Connect (w/SSO option)** <p> WinRM & remote PowerShell|Customer STS environment (AD FS Server and AD FS Proxy) \| TCP ports 80 & 443|Inbound server traffic| |4|**STS** such as AD FS Proxy server(s) (for federated customers only)|Customer STS (such as AD FS Proxy) \| Ports TCP 443 or TCP 49443 w/ClientTLS|Inbound server traffic| |5|**[Exchange Online Unified Messaging/SBC integration](/exchange/voice-mail-unified-messaging/telephone-system-integration-with-um/configuration-notes-for-session-border-controllers)**|Bidirectional between on-premises Session Border Controller and \*.um.outlook.com|Outbound server-only traffic|
-|6|**Mailbox Migration**<p>When mailbox migration is initiated from on-premises [Exchange Hybrid](/exchange/exchange-deployment-assistant) to Office 365, Office 365 connects to your published Exchange Web Services (EWS)/Mailbox Replication Services (MRS) server. If you need to allow inbound connections only from specific source IP ranges, create a permit rule for the IP addresses listed in the **Exchange Online** table in [Office 365 URL & IP ranges](urls-and-ip-address-ranges.md). <p> To ensure that connectivity to published EWS endpoints (like OWA) is not blocked, make sure the MRS proxy resolves to a separate FQDN and public IP address before you restrict connections.|Customer on-premises EWS/MRS Proxy <br> TCP port 443|Inbound server traffic|
+|6|**Mailbox Migration**<p>When mailbox migration is initiated from on-premises [Exchange Hybrid](/exchange/exchange-deployment-assistant) to Microsoft 365, Microsoft 365 connects to your published Exchange Web Services (EWS)/Mailbox Replication Services (MRS) server. If you need to allow inbound connections only from specific source IP ranges, create a permit rule for the IP addresses listed in the **Exchange Online** table in [Microsoft 365 URL & IP ranges](urls-and-ip-address-ranges.md). <p> To ensure that connectivity to published EWS endpoints (like OWA) is not blocked, make sure the MRS proxy resolves to a separate FQDN and public IP address before you restrict connections.|Customer on-premises EWS/MRS Proxy <br> TCP port 443|Inbound server traffic|
|7|**[Exchange Hybrid](/exchange/exchange-deployment-assistant) coexistence functions** such as Free/Busy sharing.|Customer on-premises Exchange server|Inbound server traffic| |8|**[Exchange Hybrid](/exchange/exchange-deployment-assistant) proxy authentication**|Customer on-premises STS|Inbound server traffic| |9|Used to configure [Exchange Hybrid](/exchange/exchange-deployment-assistant), using the **[Exchange Hybrid Configuration Wizard](/exchange/hybrid-configuration-wizard)** <p> Note: These endpoints are only required to configure Exchange hybrid|domains.live.com on TCP ports 80 & 443, only required for Exchange 2010 SP3 Hybrid Configuration Wizard <p> GCC High, DoD IP addresses: 40.118.209.192/32; 168.62.190.41/32 <p> Worldwide Commercial & GCC: \*.store.core.windows.net; asl.configure.office.com; tds.configure.office.com; mshybridservice.trafficmanager.net ; <br> aka.ms/hybridwizard; <br> shcwreleaseprod.blob.core.windows.net/shcw/\*;|Outbound server-only traffic|
Apart from DNS, these instances are all optional for most customers unless you n
|18|**Yammer** <br> Yammer is only available in the browser and requires the authenticated user to be passed through a proxy. All Yammer FQDNs need to be in your client's IE or Edge Trusted Sites Zone to function.||Trusted Sites| |19|Use **[Microsoft Entra Connect](/azure/active-directory/hybrid/)** to sync on-premises user accounts to Microsoft Entra ID.|See [Hybrid Identity Required Ports and Protocols](/azure/active-directory/hybrid/reference-connect-ports), [Troubleshoot Microsoft Entra connectivity](/azure/active-directory/hybrid/tshoot-connect-connectivity), and [Microsoft Entra Connect Health Agent Installation](/azure/active-directory/hybrid/how-to-connect-health-agent-install#outbound-connectivity-to-the-azure-service-endpoints).|Outbound server-only traffic| |20|**[Microsoft Entra Connect](/azure/active-directory/hybrid/)** with 21 ViaNet in China to sync on-premises user accounts to Microsoft Entra ID.|\*.digicert.com:80 <BR> \*.entrust.net:80 <BR> \*.chinacloudapi.cn:443 <br> secure.aadcdn.partner.microsoftonline-p.cn:443 <br> \*.partner.microsoftonline.cn:443 <p> Also see [Troubleshoot ingress with Microsoft Entra connectivity issues](https://docs.azure.cn/zh-cn/active-directory/hybrid/tshoot-connect-connectivity).|Outbound server-only traffic|
-|21|**Microsoft Stream** (needs the Microsoft Entra user token). <br> Office 365 Worldwide (including GCC)|\*.cloudapp.net <br> \*.api.microsoftstream.com <br> \*.notification.api.microsoftstream.com <br> amp.azure.net <br> api.microsoftstream.com <br> az416426.vo.msecnd.net <br> s0.assets-yammer.com <br> vortex.data.microsoft.com <br> web.microsoftstream.com <br> TCP port 443|Inbound server traffic|
+|21|**Microsoft Stream** (needs the Microsoft Entra user token). <br> Microsoft 365 Worldwide (including GCC)|\*.cloudapp.net <br> \*.api.microsoftstream.com <br> \*.notification.api.microsoftstream.com <br> amp.azure.net <br> api.microsoftstream.com <br> az416426.vo.msecnd.net <br> s0.assets-yammer.com <br> vortex.data.microsoft.com <br> web.microsoftstream.com <br> TCP port 443|Inbound server traffic|
|22|Use **MFA server** for multifactor authentication requests, both new installations of the server and setting it up with Active Directory Domain Services (AD DS).|See [Getting started with the Azure Multi-Factor Authentication Server](/azure/active-directory/authentication/howto-mfaserver-deploy#plan-your-deployment).|Outbound server-only traffic| |23|**Microsoft Graph Change Notifications** <p> Developers can use [change notifications](/graph/webhooks?context=graph%2fapi%2f1.0&view=graph-rest-1.0&preserve-view=true) to subscribe to events in the Microsoft Graph.|Public Cloud:<br>52.159.23.209, 52.159.17.84, 13.78.204.0, 52.148.24.136, 52.148.27.39, 52.147.213.251, 52.147.213.181, 20.127.53.125, 40.76.162.99, 40.76.162.42, 70.37.95.92, 70.37.95.11, 70.37.92.195, 70.37.93.191, 70.37.90.219, 20.9.36.45, 20.9.35.166, 20.9.36.128, 20.9.37.73, 20.9.37.76, 20.96.21.67, 20.69.245.215, 104.46.117.15, 20.96.21.98, 20.96.21.115, 137.135.11.161, 137.135.11.116, 20.253.156.113, 137.135.11.222, 137.135.11.250, 52.159.107.50, 52.159.107.4, 52.159.124.33, 52.159.109.205, 52.159.102.72, 20.98.68.182, 20.98.68.57, 20.98.68.200, 20.98.68.203, 20.98.68.218, 20.171.81.121, 20.25.189.138, 20.171.82.192, 20.171.83.146, 20.171.83.157, 52.142.114.29, 52.142.115.31, 20.223.139.245, 51.104.159.213, 51.104.159.181, 51.124.75.43, 51.124.73.177, 104.40.209.182, 51.138.90.7, 51.138.90.52, 20.199.102.157, 20.199.102.73, 20.216.150.67, 20.111.9.46, 20.111.9.77, 13.87.81.123, 13.87.81.35, 20.90.99.1, 13.87.81.133, 13.87.81.141, 20.91.212.211, 20.91.212.136, 20.91.213.57, 20.91.208.88, 20.91.209.147, 20.44.210.83, 20.44.210.146, 20.212.153.162, 52.148.115.48, 52.148.114.238, 40.80.232.177, 40.80.232.118, 52.231.196.24, 40.80.233.14, 40.80.239.196, 20.48.12.75, 20.48.11.201, 20.89.108.161, 20.48.14.35, 20.48.15.147, 104.215.13.23, 104.215.6.169, 20.89.240.165, 104.215.18.55, 104.215.12.254 <br> 20.20.32.0/19, 20.190.128.0/18, 20.231.128.0/19, 40.126.0.0/18, 2603:1006:2000::/48, 2603:1007:200::/48, 2603:1016:1400::/48, 2603:1017::/48, 2603:1026:3000::/48, 2603:1027:1::/48, 2603:1036:3000::/48, 2603:1037:1::/48, 2603:1046:2000::/48, 2603:1047:1::/48, 2603:1056:2000::/48, 2603:1057:2::/48 <br> <br> Microsoft Cloud for US Government: <br>52.244.33.45, 52.244.35.174, 52.243.157.104, 52.243.157.105, 52.182.25.254, 52.182.25.110, 52.181.25.67, 52.181.25.66, 52.244.111.156, 52.244.111.170, 52.243.147.249, 52.243.148.19, 52.182.32.51, 52.182.32.143, 52.181.24.199, 52.181.24.220 <br> 20.140.232.0/23, 52.126.194.0/23, 2001:489a:3500::/50 <br> <br> Microsoft Cloud China operated by 21Vianet:<br> 42.159.72.35, 42.159.72.47, 42.159.180.55, 42.159.180.56, 40.125.138.23, 40.125.136.69, 40.72.155.199, 40.72.155.216 <br> 40.72.70.0/23, 52.130.2.32/27, 52.130.3.64/27, 52.130.17.192/27, 52.130.18.32/27, 2406:e500:5500::/48 <br> <br> TCP port 443 <p> Note: Developers can specify different ports when creating the subscriptions.|Inbound server traffic| |24|**Network Connection Status Indicator**<p>Used by Windows 10 and 11 to determine if the computer is connected to the internet (does not apply to non-Windows clients). When this URL cannot be reached, Windows assumes it is not connected to the Internet and M365 Apps for Enterprise will not try to verify activation status, causing connections to Exchange and other services to fail.|www.msftconnecttest.com <br> <p> Also see [Manage connection endpoints for Windows 11 Enterprise](/windows/privacy/manage-windows-11-endpoints) and [Manage connection endpoints for Windows 10 Enterprise, version 21H2](/windows/privacy/manage-windows-21h2-endpoints).|Outbound server-only traffic|
Apart from DNS, these instances are all optional for most customers unless you n
## Related Topics
-[Managing Office 365 endpoints](managing-office-365-endpoints.md)
+[Managing Microsoft 365 endpoints](managing-office-365-endpoints.md)
[Monitor Microsoft 365 connectivity](./monitor-connectivity.md)
enterprise Managing Office 365 Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/managing-office-365-endpoints.md
Title: Managing Microsoft 365 endpoints
Previously updated : 10/30/2023 Last updated : 01/19/2024 audience: ITPro
- scotvorg - M365-subscription-management - Strat_O365_Enterprise
+- must-keep
f1.keywords: - CSH
enterprise Microsoft 365 Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-endpoints.md
Title: "Microsoft 365 endpoints"
Previously updated : 12/19/2023 Last updated : 01/19/2024 audience: ITPro
There are currently five different Microsoft 365 clouds. This table takes you to
| [Microsoft 365 operated by 21Vianet endpoints](urls-and-ip-address-ranges-21vianet.md) | The endpoints for Microsoft 365 operated by 21Vianet, which is designed to meet the needs for Microsoft 365 in China. | |||
-To automate getting the latest list of endpoints for your Microsoft 365 cloud, see the [Office 365 IP Address and URL Web service](microsoft-365-ip-web-service.md).
+To automate getting the latest list of endpoints for your Microsoft 365 cloud, see the [Microsoft 365 IP Address and URL Web service](microsoft-365-ip-web-service.md).
For more endpoints, see these articles:
If you're a network equipment vendor, join the [Office 365 Networking Partner Pr
## See also
-[Office 365 IP Address and URL Web service](microsoft-365-ip-web-service.md)
+[Microsoft 365 IP Address and URL Web service](microsoft-365-ip-web-service.md)
enterprise Microsoft 365 Ip Web Service https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-ip-web-service.md
Title: "Office 365 IP Address and URL web service"
+ Title: "Microsoft 365 IP Address and URL web service"
Previously updated : 12/05/2022 Last updated : 01/19/2024 audience: ITPro
- Ent_O365 - Strat_O365_Enterprise - m365initiative-coredeploy
+- must-keep
f1.keywords: - CSH
search.appverid:
- MET150 - MOE150 - BCS160
-description: Learn how to use the Office 365 IP Address and URL web service to help you better identify and differentiate Office 365 network traffic.
+description: Learn how to use the Microsoft 365 IP Address and URL web service to help you better identify and differentiate Microsoft 365 network traffic.
-# Office 365 IP Address and URL web service
+# Microsoft 365 IP Address and URL web service
-The Office 365 IP Address and URL web service helps you better identify and differentiate Office 365 network traffic, making it easier for you to evaluate, configure, and stay up to date with changes. This REST-based web service replaces the previous XML downloadable files, which were phased out on October 2, 2018.
+The Microsoft 365 IP Address and URL web service helps you better identify and differentiate Microsoft 365 network traffic, making it easier for you to evaluate, configure, and stay up to date with changes. This REST-based web service replaces the previous XML downloadable files, which were phased out on October 2, 2018.
-As a customer or a network perimeter device vendor, you can build against the web service for Office 365 IP address and FQDN entries. You can access the data directly in a web browser using these URLs:
+As a customer or a network perimeter device vendor, you can build against the web service for Microsoft 365 IP address and FQDN entries. You can access the data directly in a web browser using these URLs:
-- For the latest version of the Office 365 URLs and IP address ranges, use [https://endpoints.office.com/version](https://endpoints.office.com/version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7).-- For the data on the Office 365 URLs and IP address ranges page for firewalls and proxy servers, use [https://endpoints.office.com/endpoints/worldwide](https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7).
+- For the latest version of the Microsoft 365 URLs and IP address ranges, use [https://endpoints.office.com/version](https://endpoints.office.com/version?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7).
+- For the data on the Microsoft 365 URLs and IP address ranges page for firewalls and proxy servers, use [https://endpoints.office.com/endpoints/worldwide](https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7).
- To get all the latest changes since July 2018 when the web service was first available, use [https://endpoints.office.com/changes/worldwide/0000000000](https://endpoints.office.com/changes/worldwide/0000000000?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7). As a customer, you can use this web service to: -- Update your PowerShell scripts to obtain Office 365 endpoint data and modify any formatting for your networking devices.
+- Update your PowerShell scripts to obtain Microsoft 365 endpoint data and modify any formatting for your networking devices.
- Use this information to update PAC files deployed to client computers. As a network perimeter device vendor, you can use this web service to:
As a network perimeter device vendor, you can use this web service to:
- Get the current changes. > [!NOTE]
-> If you are using Azure ExpressRoute to connect to Office 365, please review [Azure ExpressRoute for Microsoft 365](azure-expressroute.md) to familiarize yourself with the Office 365 services supported over Azure ExpressRoute. Also review the article [Office 365 URLs and IP address ranges](urls-and-ip-address-ranges.md) to understand which network requests for Office 365 applications require Internet connectivity. This will help to better configure your perimeter security devices.
+> If you are using Azure ExpressRoute to connect to Microsoft 365, please review [Azure ExpressRoute for Microsoft 365](azure-expressroute.md) to familiarize yourself with the Microsoft 365 services supported over Azure ExpressRoute. Also review the article [Microsoft 365 URLs and IP address ranges](urls-and-ip-address-ranges.md) to understand which network requests for Microsoft 365 applications require Internet connectivity. This will help to better configure your perimeter security devices.
For more information, see:
For more information, see:
These parameters are common across all the web service methods: - **format=\<JSON \| CSV\>** ΓÇöBy default, the returned data format is JSON. Use this optional parameter to return the data in comma-separated values (CSV) format.-- **ClientRequestId=\<guid\>** ΓÇöA required GUID that you generate for client association. Generate a unique GUID for each machine that calls the web service (the scripts included on this page generate a GUID for you). Do not use the GUIDs shown in the following examples because they might be blocked by the web service in the future. GUID format is _xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_, where x represents a hexadecimal number.
+- **ClientRequestId=\<guid\>** ΓÇöA required GUID that you generate for client association. Generate a unique GUID for each machine that calls the web service (the scripts included on this page generate a GUID for you). Don't use the GUIDs shown in the following examples because they might be blocked by the web service in the future. GUID format is _xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_, where x represents a hexadecimal number.
To generate a GUID, you can use the [New-Guid](/powershell/module/microsoft.powershell.utility/new-guid) PowerShell command, or use an online service such as [Online GUID Generator](https://www.guidgenerator.com/). ## Version web method
-Microsoft updates the Office 365 IP address and FQDN entries at the beginning of each month. Out-of-band updates are sometimes published due to support incidents, security updates or other operational requirements.
+Microsoft updates the Microsoft 365 IP address and FQDN entries at the beginning of each month. Out-of-band updates are sometimes published due to support incidents, security updates or other operational requirements.
-The data for each published instance is assigned a version number, and the version web method enables you to check for the latest version of each Office 365 service instance. We recommend that you check the version not more than once an hour.
+The data for each published instance is assigned a version number, and the version web method enables you to check for the latest version of each Microsoft 365 service instance. We recommend that you check the version not more than once an hour.
Parameters for the version web method are:
Parameters for the version web method are:
- **Format=\<JSON \| CSV \| RSS\>** ΓÇöIn addition to the JSON and CSV formats, the version web method also supports RSS. You can use this optional parameter along with the _AllVersions=true_ parameter to request an RSS feed that can be used with Outlook or other RSS readers. - **Instance=\<Worldwide \| China \| USGovDoD \| USGovGCCHigh\>** ΓÇöThis optional parameter specifies the instance to return the version for. If omitted, all instances are returned. Valid instances are: Worldwide, China, USGovDoD, USGovGCCHigh.
-The version web method is not rate limited and does not ever return 429 HTTP Response Codes. The response to the version web method does include a cache-control header recommending caching of the data for 1 hour. The result from the version web method can be a single record or an array of records. The elements of each record are:
+The version web method isn't rate limited and doesn't ever return 429 HTTP Response Codes. The response to the version web method does include a cache-control header recommending caching of the data for 1 hour. The result from the version web method can be a single record or an array of records. The elements of each record are:
-- instanceΓÇöThe short name of the Office 365 service instance.
+- instanceΓÇöThe short name of the Microsoft 365 service instance.
- latestΓÇöThe latest version for endpoints of the specified instance. - versionsΓÇöA list of all previous versions for the specified instance. This element is only included if the _AllVersions_ parameter is true.
The version web method is not rate limited and does not ever return 429 HTTP Res
Example 1 request URI: <https://endpoints.office.com/version?ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7>
-This URI returns the latest version of each Office 365 service instance. Example result:
+This URI returns the latest version of each Microsoft 365 service instance. Example result:
```json [
This URI returns the latest version of each Office 365 service instance. Example
Example 2 request URI: <https://endpoints.office.com/version/Worldwide?ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7>
-This URI returns the latest version of the specified Office 365 service instance. Example result:
+This URI returns the latest version of the specified Microsoft 365 service instance. Example result:
```json {
Worldwide,2018063000
Example 4 request URI: <https://endpoints.office.com/version/Worldwide?AllVersions=true&ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7>
-This URI shows all prior versions that have been published for the Office 365 worldwide service instance. Example result:
+This URI shows all prior versions that have been published for the Microsoft 365 worldwide service instance. Example result:
```json {
This URI shows an RSS feed of the published versions that include links to the l
## Endpoints web method
-The endpoints web method returns all records for IP address ranges and URLs that make up the Office 365 service. The latest data from the endpoints web method should always be used for network device configuration. Microsoft provides advance notice 30 days prior to publishing new additions to give you time to update access control lists and proxy server bypass lists. We recommend that you only call the endpoints web method again when the version web method indicates that a new version of the data is available.
+The endpoints web method returns all records for IP address ranges and URLs that make up the Microsoft 365 service. The latest data from the endpoints web method should always be used for network device configuration. Microsoft provides advance notice 30 days prior to publishing new additions to give you time to update access control lists and proxy server bypass lists. We recommend that you only call the endpoints web method again when the version web method indicates that a new version of the data is available.
Parameters for the endpoints web method are: -- **ServiceAreas=\<Common \| Exchange \| SharePoint \| Skype\>** ΓÇöA comma-separated list of service areas. Valid items are _Common_, _Exchange_, _SharePoint_, and _Skype_. Because _Common_ service area items are a prerequisite for all other service areas, the web service always includes them. If you do not include this parameter, all service areas are returned.-- **TenantName=\<tenant_name\>** ΓÇöYour Office 365 tenant name. The web service takes your provided name and inserts it in parts of URLs that include the tenant name. If you don't provide a tenant name, those parts of URLs have the wildcard character (\*).
+- **ServiceAreas=\<Common \| Exchange \| SharePoint \| Skype\>** ΓÇöA comma-separated list of service areas. Valid items are _Common_, _Exchange_, _SharePoint_, and _Skype_. Because _Common_ service area items are a prerequisite for all other service areas, the web service always includes them. If you don't include this parameter, all service areas are returned.
+- **TenantName=\<tenant_name\>** ΓÇöYour Microsoft 365 tenant name. The web service takes your provided name and inserts it in parts of URLs that include the tenant name. If you don't provide a tenant name, those parts of URLs have the wildcard character (\*).
- **NoIPv6=\<true \| false\>** ΓÇöSet the value to _true_ to exclude IPv6 addresses from the output if you don't use IPv6 in your network. - **Instance=\<Worldwide \| China \| USGovDoD \| USGovGCCHigh\>** ΓÇöThis required parameter specifies the instance from which to return the endpoints. Valid instances are: _Worldwide_, _China_, _USGovDoD_, and _USGovGCCHigh_.
The result from the endpoints web method is an array of records in which each re
- tcpPortsΓÇöTCP ports for the endpoint set. All ports elements are formatted as a comma-separated list of ports or port ranges separated by a dash character (-). Ports apply to all IP addresses and all URLs in the endpoint set for a given category. Omitted if blank. - udpPortsΓÇöUDP ports for the IP address ranges in this endpoint set. Omitted if blank. - ips ΓÇöThe IP address ranges associated with this endpoint set as associated with the listed TCP or UDP ports. A JSON array of IP address ranges. Omitted if blank.-- categoryΓÇöThe connectivity category for the endpoint set. Valid values are _Optimize_, _Allow_, and _Default_. If you search the endpoints web method output for the category of a specific IP address or URL, it is possible that your query will return multiple categories. In such a case, follow the recommendation for the highest priority category. For example, if the endpoint appears in both _Optimize_ and _Allow_, you should follow the requirements for _Optimize_. Required.
+- categoryΓÇöThe connectivity category for the endpoint set. Valid values are _Optimize_, _Allow_, and _Default_. If you search the endpoints web method output for the category of a specific IP address or URL, it's possible that your query will return multiple categories. In such a case, follow the recommendation for the highest priority category. For example, if the endpoint appears in both _Optimize_ and _Allow_, you should follow the requirements for _Optimize_. Required.
- expressRoute ΓÇö _True_ if this endpoint set is routed over ExpressRoute, _False_ if not.-- required ΓÇö _True_ if this endpoint set is required to have connectivity for Office 365 to be supported. _False_ if this endpoint set is optional.-- notesΓÇöFor optional endpoints, this text describes Office 365 functionality that would be unavailable if IP addresses or URLs in this endpoint set cannot be accessed at the network layer. Omitted if blank.
+- required ΓÇö _True_ if this endpoint set is required to have connectivity for Microsoft 365 to be supported. _False_ if this endpoint set is optional.
+- notesΓÇöFor optional endpoints, this text describes Microsoft 365 functionality that would be unavailable if IP addresses or URLs in this endpoint set can't be accessed at the network layer. Omitted if blank.
### Endpoints web method examples Example 1 request URI: <https://endpoints.office.com/endpoints/Worldwide?ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7>
-This URI obtains all endpoints for the Office 365 worldwide instance for all workloads. Example result that shows an excerpt of the output:
+This URI obtains all endpoints for the Microsoft 365 worldwide instance for all workloads. Example result that shows an excerpt of the output:
```json [
The full output of the request in this example would contain other endpoint sets
Example 2 request URI: [https://endpoints.office.com/endpoints/Worldwide?ServiceAreas=Exchange&amp;ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7](https://endpoints.office.com/endpoints/Worldwide?ServiceAreas=Exchange&amp;ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7)
-This example obtains endpoints for the Office 365 Worldwide instance for Exchange Online and dependencies only.
+This example obtains endpoints for the Microsoft 365 Worldwide instance for Exchange Online and dependencies only.
-The output, for example, 2 is similar to example 1 except that the results would not include endpoints for SharePoint Online or Skype for Business Online.
+The output, for example, 2 is similar to example 1 except that the results wouldn't include endpoints for SharePoint or Skype for Business Online.
## Changes web method The changes web method returns the most recent updates that have been published, typically the previous month's changes to IP address ranges and URLs.
-The most critical changes to endpoints data are new URLs and IP addresses. Failure to add an IP address to a firewall access control list or a URL to a proxy server bypass list can cause an outage for Office 365 users behind that network device. Notwithstanding operational requirements, new endpoints are published to the web service 30 days in advance of the date the endpoints are provisioned for use to give you time to update access control lists and proxy server bypass lists.
+The most critical changes to endpoints data are new URLs and IP addresses. Failure to add an IP address to a firewall access control list or a URL to a proxy server bypass list can cause an outage for Microsoft 365 users behind that network device. Notwithstanding operational requirements, new endpoints are published to the web service 30 days in advance of the date the endpoints are provisioned for use to give you time to update access control lists and proxy server bypass lists.
The required parameter for the changes web method is:
The result from the changes web method is an array of records in which each reco
- endpointSetIdΓÇöThe ID of the endpoint set record that is changed. - dispositionΓÇöDescribes what the change did to the endpoint set record. Values are _change_, _add_, or _remove_. - impactΓÇöNot all changes will be equally important to every environment. This element describes the expected impact to an enterprise network perimeter environment as a result of this change. This element is included only in change records of version **2018112800** and later. Options for the impact are:
- ΓÇö AddedIp ΓÇô An IP address was added to Office 365 and will be live on the service soon. This represents a change you need to take on a firewall or other layer 3 network perimeter device. If you don't add this before we start using it, you may experience an outage.
- ΓÇö AddedUrl ΓÇô A URL was added to Office 365 and will be live on the service soon. This represents a change you need to take on a proxy server or URL parsing network perimeter device. If you don't add this URL before we start using it, you may experience an outage.
+ ΓÇö AddedIp ΓÇô An IP address was added to Microsoft 365 and will be live on the service soon. This represents a change you need to take on a firewall or other layer 3 network perimeter device. If you don't add this before we start using it, you may experience an outage.
+ ΓÇö AddedUrl ΓÇô A URL was added to Microsoft 365 and will be live on the service soon. This represents a change you need to take on a proxy server or URL parsing network perimeter device. If you don't add this URL before we start using it, you may experience an outage.
ΓÇö AddedIpAndUrlΓÇöBoth an IP address and a URL were added. This represents a change you need to take on either a firewall layer 3 device or a proxy server or URL parsing device. If you don't add this IP/URL pair before we start using it, you may experience an outage.
- ΓÇö RemovedIpOrUrl ΓÇô At least one IP address or URL was removed from Office 365. Remove the network endpoints from your perimeter devices, but there's no deadline for you to do this.
+ ΓÇö RemovedIpOrUrl ΓÇô At least one IP address or URL was removed from Microsoft 365. Remove the network endpoints from your perimeter devices, but there's no deadline for you to do this.
ΓÇö ChangedIsExpressRoute ΓÇô The ExpressRoute support attribute was changed. If you use ExpressRoute, you might need to take action depending on your configuration. ΓÇö MovedIpOrUrl ΓÇô We moved an IP address or Url between this endpoint set and another one. Generally no action is required.
- ΓÇö RemovedDuplicateIpOrUrl ΓÇô We removed a duplicate IP address or Url but it's still published for Office 365. Generally no action is required.
+ ΓÇö RemovedDuplicateIpOrUrl ΓÇô We removed a duplicate IP address or Url but it's still published for Microsoft 365. Generally no action is required.
ΓÇö OtherNonPriorityChanges ΓÇô We changed something less critical than all of the other options, such as the contents of a note field. - versionΓÇöThe version of the published endpoint set in which the change was introduced. Version numbers are of the format _YYYYMMDDNN_, where _NN_ is a natural number incremented if there are multiple versions required to be published on a single day.-- previousΓÇöA substructure detailing previous values of changed elements on the endpoint set. This will not be included for newly added endpoint sets. Includes _ExpressRoute_, _serviceArea_, _category_, _required_, _tcpPorts_, _udpPorts_, and _notes_.
+- previousΓÇöA substructure detailing previous values of changed elements on the endpoint set. This won't be included for newly added endpoint sets. Includes _ExpressRoute_, _serviceArea_, _category_, _required_, _tcpPorts_, _udpPorts_, and _notes_.
- currentΓÇöA substructure detailing updated values of changes elements on the endpoint set. Includes _ExpressRoute_, _serviceArea_, _category_, _required_, _tcpPorts_, _udpPorts_, and _notes_. - add ΓÇöA substructure detailing items to be added to endpoint set collections. Omitted if there are no additions. ΓÇö effectiveDateΓÇöDefines the data when the additions will be live in the service.
The result from the changes web method is an array of records in which each reco
Example 1 request URI: <https://endpoints.office.com/changes/worldwide/0000000000?ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7>
-This requests all previous changes to the Office 365 worldwide service instance. Example result:
+This requests all previous changes to the Microsoft 365 worldwide service instance. Example result:
```json [
This requests all previous changes to the Office 365 worldwide service instance.
Example 2 request URI: <https://endpoints.office.com/changes/worldwide/2018062700?ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7>
-This requests changes since the specified version to the Office 365 Worldwide instance. In this case, the version specified is the latest. Example result:
+This requests changes since the specified version to the Microsoft 365 Worldwide instance. In this case, the version specified is the latest. Example result:
```json [
You can run this PowerShell script to see if there are actions you need to take
The script does the following: -- Checks the version number of the current Office 365 Worldwide instance endpoints by calling the web service REST API.
+- Checks the version number of the current Microsoft 365 Worldwide instance endpoints by calling the web service REST API.
- Checks for a current version file at _$Env:TEMP\O365_endpoints_latestversion.txt_. The path of the global variable **$Env:TEMP** is usually _C:\Users\\<username\>\AppData\Local\Temp_. - If this is the first time the script has been run, the script returns the current version and all current IP addresses and URLs, writes the endpoints version to the file _$Env:TEMP\O365_endpoints_latestversion.txt_ and the endpoints data output to the file _$Env:TEMP\O365_endpoints_data.txt_. You can modify the path and/or name of the output file by editing these lines:
The script does the following:
- On each subsequent execution of the script, if the latest web service version is identical to the version in the _O365_endpoints_latestversion.txt_ file, the script exits without making any changes. - When the latest web service version is newer than the version in the _O365_endpoints_latestversion.txt_ file, the script returns the endpoints and filters for the **Allow** and **Optimize** category endpoints, updates the version in the _O365_endpoints_latestversion.txt_ file, and writes the updated data to the _O365_endpoints_data.txt_ file.
-The script generates a unique _ClientRequestId_ for the computer it is executed on, and reuses this ID across multiple calls. This ID is stored in the _O365_endpoints_latestversion.txt_ file.
+The script generates a unique _ClientRequestId_ for the computer it's executed on, and reuses this ID across multiple calls. This ID is stored in the _O365_endpoints_latestversion.txt_ file.
### To run the PowerShell script
From https://aka.ms/ipurlws
v1.1 8/6/2019 DESCRIPTION
-This script calls the REST API of the Office 365 IP and URL Web Service (Worldwide instance)
+This script calls the REST API of the Microsoft 365 IP and URL Web Service (Worldwide instance)
and checks to see if there has been a new update since the version stored in an existing $Env:TEMP\O365_endpoints_latestversion.txt file in your user directory's temp folder (usually C:\Users\<username>\AppData\Local\Temp).
else {
# call version method to check the latest version, and pull new data if version number is different $version = Invoke-RestMethod -Uri ($ws + "/version/Worldwide?clientRequestId=" + $clientRequestId) if ($version.latest -gt $lastVersion) {
- Write-Host "New version of Office 365 worldwide commercial service instance endpoints detected"
+ Write-Host "New version of Microsoft 365 worldwide commercial service instance endpoints detected"
# write the new version number to the version file @($clientRequestId, $version.latest) | Out-File $versionpath # invoke endpoints method to get the new data
if ($version.latest -gt $lastVersion) {
Write-Output ("IP and URL data written to " + $datapath) # write output to data file
- Write-Output "Office 365 IP and UL Web Service data" | Out-File $datapath
+ Write-Output "Microsoft 365 IP and UL Web Service data" | Out-File $datapath
Write-Output "Worldwide instance" | Out-File $datapath -Append Write-Output "" | Out-File $datapath -Append Write-Output ("Version: " + $version.latest) | Out-File $datapath -Append
if ($version.latest -gt $lastVersion) {
($flatUrls.url | Sort-Object -Unique) -join "," | Out-File $datapath -Append } else {
- Write-Host "Office 365 worldwide commercial service instance endpoints are up-to-date."
+ Write-Host "Microsoft 365 worldwide commercial service instance endpoints are up-to-date."
} ``` ## Example Python Script
-Here is a Python script, tested with Python 3.6.3 on Windows 10, that you can run to see if there are actions you need to take for updated data. This script checks the version number for the Office 365 Worldwide instance endpoints. When there is a change, it downloads the endpoints and filters for the _Allow_ and _Optimize_ category endpoints. It also uses a unique ClientRequestId across multiple calls and saves the latest version found in a temporary file. Call this script once an hour to check for a version update.
+Here's a Python script, tested with Python 3.6.3 on Windows 10, that you can run to see if there are actions you need to take for updated data. This script checks the version number for the Microsoft 365 Worldwide instance endpoints. When there's a change, it downloads the endpoints and filters for the _Allow_ and _Optimize_ category endpoints. It also uses a unique ClientRequestId across multiple calls and saves the latest version found in a temporary file. Call this script once an hour to check for a version update.
```python import json
else:
# call version method to check the latest version, and pull new data if version number is different version = webApiGet('version', 'Worldwide', clientRequestId) if version['latest'] > latestVersion:
- print('New version of Office 365 worldwide commercial service instance endpoints detected')
+ print('New version of Microsoft 365 worldwide commercial service instance endpoints detected')
# write the new version number to the data file with open(datapath, 'w') as fout: fout.write(clientRequestId + '\n' + version['latest'])
if version['latest'] > latestVersion:
# TODO send mail (e.g. with smtplib/email modules) with new endpoints data else:
- print('Office 365 worldwide commercial service instance endpoints are up-to-date')
+ print('Microsoft 365 worldwide commercial service instance endpoints are up-to-date')
``` ## Web Service interface versioning
-Updates to the parameters or results for these web service methods may be required in the future. After the general availability version of these web services is published, Microsoft will make reasonable efforts to provide advance notice of material updates to the web service. When Microsoft believes that an update will require changes to clients using the web service, Microsoft will keep the previous version (one version back) of the web service available for at least 12 months after the release of the new version. Customers who do not upgrade during that time may be unable to access the web service and its methods. Customers must ensure that clients of the web service continue working without error if the following changes are made to the web service interface signature:
+Updates to the parameters or results for these web service methods may be required in the future. After the general availability version of these web services is published, Microsoft will make reasonable efforts to provide advance notice of material updates to the web service. When Microsoft believes that an update will require changes to clients using the web service, Microsoft will keep the previous version (one version back) of the web service available for at least 12 months after the release of the new version. Customers who don't upgrade during that time may be unable to access the web service and its methods. Customers must ensure that clients of the web service continue working without error if the following changes are made to the web service interface signature:
- Adding a new optional parameter to an existing web method that doesn't have to be provided by older clients and doesn't impact the result an older client receives. - Adding a new named attribute in one of the response REST items or other columns to the response CSV.-- Adding a new web method with a new name that is not called by the older clients.
+- Adding a new web method with a new name that isn't called by the older clients.
## Update notifications You can use a few different methods to get email notifications when changes to the IP addresses and URLs are published to the web service. -- To use a Power Automate solution, see [Use Power Automate to receive an email for changes to Office 365 IP Addresses and URLs](https://techcommunity.microsoft.com/t5/Office-365-Networking/Use-Microsoft-Flow-to-receive-an-email-for-changes-to-Office-365/m-p/240651).
+- To use a Power Automate solution, see [Use Power Automate to receive an email for changes to Microsoft 365 IP Addresses and URLs](https://techcommunity.microsoft.com/t5/Office-365-Networking/Use-Microsoft-Flow-to-receive-an-email-for-changes-to-Office-365/m-p/240651).
- To deploy an Azure Logic App using an ARM template, see [Office 365 Update Notification (v1.1)](https://aka.ms/ipurlws-updates-template). - To write your own notification script using PowerShell, see [Send-MailMessage](/powershell/module/microsoft.powershell.utility/send-mailmessage). ## Exporting a Proxy PAC file
-[Get-PacFile](https://www.powershellgallery.com/packages/Get-PacFile) is a PowerShell script that reads the latest network endpoints from the Office 365 IP Address and URL web service and creates a sample PAC file. For information on using Get-PacFile, see [Use a PAC file for direct routing of vital Microsoft 365 traffic](managing-office-365-endpoints.md#use-a-pac-file-for-direct-routing-of-vital-microsoft-365-traffic).
+[Get-PacFile](https://www.powershellgallery.com/packages/Get-PacFile) is a PowerShell script that reads the latest network endpoints from the Microsoft 365 IP Address and URL web service and creates a sample PAC file. For information on using Get-PacFile, see [Use a PAC file for direct routing of vital Microsoft 365 traffic](managing-office-365-endpoints.md#use-a-pac-file-for-direct-routing-of-vital-microsoft-365-traffic).
## Related Topics
-[Office 365 URLs and IP address ranges](https://support.office.com/article/8548a211-3fe7-47cb-abb1-355ea5aa88a2)
+[Microsoft 365 URLs and IP address ranges](https://support.office.com/article/8548a211-3fe7-47cb-abb1-355ea5aa88a2)
-[Managing Office 365 endpoints](managing-office-365-endpoints.md)
-
-[Office 365 endpoints FAQ](https://support.office.com/article/d4088321-1c89-4b96-9c99-54c75cae2e6d)
+[Managing Microsoft 365 endpoints](managing-office-365-endpoints.md)
-[Office 365 Network Connectivity Principles](microsoft-365-network-connectivity-principles.md)
+[Microsoft 365 Network Connectivity Principles](microsoft-365-network-connectivity-principles.md)
-[Office 365 network and performance tuning](network-planning-and-performance.md)
+[Microsoft 365 network and performance tuning](network-planning-and-performance.md)
-[Assessing Office 365 network connectivity](assessing-network-connectivity.md)
+[Assessing Microsoft 365 network connectivity](assessing-network-connectivity.md)
[Media Quality and Network Connectivity Performance in Skype for Business Online](https://support.office.com/article/5fe3e01b-34cf-44e0-b897-b0b2a83f0917) [Optimizing your network for Skype for Business Online](https://support.office.com/article/b363bdca-b00d-4150-96c3-ec7eab5a8a43)
-[Office 365 performance tuning using baselines and performance history](performance-tuning-using-baselines-and-history.md)
+[Microsoft 365 performance tuning using baselines and performance history](performance-tuning-using-baselines-and-history.md)
-[Performance troubleshooting plan for Office 365](performance-troubleshooting-plan.md)
+[Performance troubleshooting plan for Microsoft 365](performance-troubleshooting-plan.md)
enterprise Microsoft 365 U S Government Dod Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-u-s-government-dod-endpoints.md
Title: Office 365 US Government DOD endpoints
+ Title: Microsoft 365 US Government DOD endpoints
search.appverid:
ms.assetid: 5d7dce60-4892-4b58-b45e-ee42fe8a907f f1.keywords: - NOCSH
-description: Office 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Office 365 U.S. Government DoD plans only.
+description: Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 U.S. Government DoD plans only.
hideEdit: true
-# Office 365 U.S. Government DoD endpoints
+# Microsoft 365 U.S. Government DoD endpoints
-*Applies To: Office 365 Admin*
+*Applies To: Microsoft 365 Admin*
-Office 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Office 365 U.S. Government DoD plans only.
+Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 U.S. Government DoD plans only.
-**Office 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) \| [Office 365 operated by 21 Vianet](urls-and-ip-address-ranges-21vianet.md) \| *Office 365 U.S. Government DoD* \| [Office 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md)
+**Microsoft 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) \| [Microsoft 365 operated by 21 Vianet](urls-and-ip-address-ranges-21vianet.md) \| *Microsoft 365 U.S. Government DoD* \| [Microsoft 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md)
<br> ****
Office 365 requires connectivity to the Internet. The endpoints below should be
|**Last updated:** 10/30/2023 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVDoD?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVDoD?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)| |
-Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
+Start with [Managing Microsoft 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
-Endpoint data below lists requirements for connectivity from a user's machine to Office 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections. For more information, see [Additional endpoints not included in the web service](additional-office365-ip-addresses-and-urls.md).
+Endpoint data below lists requirements for connectivity from a user's machine to Microsoft 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections. For more information, see [Additional endpoints not included in the web service](additional-office365-ip-addresses-and-urls.md).
The endpoints are grouped into four service areas. The first three service areas can be independently selected for connectivity. The fourth service area is a common dependency (called Microsoft 365 Common and Office) and must always have network connectivity.
Data columns shown are:
- **Category**: Shows whether the endpoint set is categorized as "Optimize", "Allow", or "Default". You can read about these categories and guidance for management of them at [https://aka.ms/pnc](./microsoft-365-network-connectivity-principles.md). This column also lists which endpoint sets are required to have network connectivity. For endpoint sets that aren't required to have network connectivity, we provide notes in this field to indicate what functionality would be missing if the endpoint set is blocked. If you're excluding an entire service area, the endpoint sets listed as required don't require connectivity. -- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Office 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is **No**. If you plan to use Microsoft Entra Connect, read the [special considerations section](/azure/active-directory/hybrid/reference-connect-instances#microsoft-azure-government) to ensure you have the appropriate Microsoft Entra Connect configuration.
+- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is **No**. If you plan to use Microsoft Entra Connect, read the [special considerations section](/azure/active-directory/hybrid/reference-connect-instances#microsoft-azure-government) to ensure you have the appropriate Microsoft Entra Connect configuration.
- **Addresses**: Lists the FQDNs or wildcard domain names and IP Address ranges for the endpoint set. Note that an IP Address range is in CIDR format and may include many individual IP Addresses in the specified network. - **Ports**: Lists the TCP or UDP ports that are combined with the Addresses to form the network endpoint. You may notice some duplication in IP Address ranges where there are different ports listed. Notes for this table: -- The Security and Compliance Center (SCC) provides support for Azure ExpressRoute for Office 365. The same applies for many features exposed through the SCC such as Reporting, Auditing, eDiscovery (Premium), Unified DLP, and Data Governance. Two specific features, PST Import and eDiscovery Export, currently don't support Azure ExpressRoute with only Office 365 route filters due to their dependency on Azure Blob Storage. To consume those features, you need separate connectivity to Azure Blob Storage using any supportable Azure connectivity options, which include Internet connectivity or Azure ExpressRoute with Azure Public route filters. You have to evaluate establishing such connectivity for both of those features. The Office 365 Information Protection team is aware of this limitation and is actively working to bring support for Azure ExpressRoute for Office 365 as limited to Office 365 route filters for both of those features.
+- The Security and Compliance Center (SCC) provides support for Azure ExpressRoute for Microsoft 365. The same applies for many features exposed through the SCC such as Reporting, Auditing, eDiscovery (Premium), Unified DLP, and Data Governance. Two specific features, PST Import and eDiscovery Export, currently don't support Azure ExpressRoute with only Microsoft 365 route filters due to their dependency on Azure Blob Storage. To consume those features, you need separate connectivity to Azure Blob Storage using any supportable Azure connectivity options, which include Internet connectivity or Azure ExpressRoute with Azure Public route filters. You have to evaluate establishing such connectivity for both of those features. The Microsoft 365 Information Protection team is aware of this limitation and is actively working to bring support for Azure ExpressRoute for Microsoft 365 as limited to Microsoft 365 route filters for both of those features.
- There are additional optional endpoints for Microsoft 365 Apps for enterprise that aren't listed and aren't required for users to launch Microsoft 365 Apps for enterprise applications and edit documents. Optional endpoints are hosted in Microsoft datacenters and don't process, transmit, or store customer data. We recommend that user connections to these endpoints be directed to the default Internet egress perimeter.
enterprise Microsoft 365 U S Government Gcc High Endpoints https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints.md
Title: "Office 365 U.S. Government GCC High endpoints"
+ Title: "Microsoft 365 U.S. Government GCC High endpoints"
- seo-marvel-apr2020 search.appverid: MET150 ms.assetid: cbd2369c-fd96-464c-bf48-c99826b459ee
-description: "In this article, you find endpoints reachable for customers using Office 365 U.S. Government GCC High plans."
+description: "In this article, you find endpoints reachable for customers using Microsoft 365 U.S. Government GCC High plans."
hideEdit: true
-# Office 365 U.S. Government GCC High endpoints
+# Microsoft 365 U.S. Government GCC High endpoints
-*Applies To: Office 365 Admin*
+*Applies To: Microsoft 365 Admin*
-Office 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Office 365 U.S. Government GCC High plans only.
+Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 U.S. Government GCC High plans only.
- **Office 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) \| [Office 365 operated by 21 Vianet](urls-and-ip-address-ranges-21vianet.md) \| [Office 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) \| *Office 365 U.S. Government GCC High*
+ **Microsoft 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) \| [Microsoft 365 operated by 21 Vianet](urls-and-ip-address-ranges-21vianet.md) \| [Microsoft 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) \| *Microsoft 365 U.S. Government GCC High*
<br>
Office 365 requires connectivity to the Internet. The endpoints below should be
|**Last updated:** 12/01/2023 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/USGOVGCCHigh?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)|**Download:** the full list in [JSON format](https://endpoints.office.com/endpoints/USGOVGCCHigh?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7)| |
- Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
+ Start with [Managing Microsoft 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This lets customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
-Endpoint data below lists requirements for connectivity from a userΓÇÖs machine to Office 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections.
+Endpoint data below lists requirements for connectivity from a userΓÇÖs machine to Microsoft 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections.
The endpoints are grouped into four service areas. The first three service areas can be independently selected for connectivity. The fourth service area is a common dependency (called Microsoft 365 Common and Office) and must always have network connectivity.
Data columns shown are:
- **Category**: Shows whether the endpoint set is categorized as ΓÇ£OptimizeΓÇ¥, ΓÇ£AllowΓÇ¥, or ΓÇ£DefaultΓÇ¥. You can read about these categories and guidance for management of them at [https://aka.ms/pnc](./microsoft-365-network-connectivity-principles.md). This column also lists which endpoint sets are required to have network connectivity. For endpoint sets, which aren't required to have network connectivity, we provide notes in this field to indicate what functionality would be missing if the endpoint set is blocked. If you're excluding an entire service area, the endpoint sets listed as required don't require connectivity. -- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Office 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is **No**. If you plan to use Microsoft Entra Connect, read the [special considerations section](/azure/active-directory/hybrid/reference-connect-instances#microsoft-azure-government) to ensure you have the appropriate Microsoft Entra Connect configuration.
+- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is **No**. If you plan to use Microsoft Entra Connect, read the [special considerations section](/azure/active-directory/hybrid/reference-connect-instances#microsoft-azure-government) to ensure you have the appropriate Microsoft Entra Connect configuration.
- **Addresses**: Lists the FQDNs or wildcard domain names and IP Address ranges for the endpoint set. Note that an IP Address range is in CIDR format and may include many individual IP Addresses in the specified network. - **Ports**: Lists the TCP or UDP ports that are combined with the Addresses to form the network endpoint. You may notice some duplication in IP Address ranges where there are different ports listed. Notes for this table: -- The Security and Compliance Center (SCC) provides support for Azure ExpressRoute for Office 365. The same applies for many features exposed through the SCC such as Reporting, Auditing, eDiscovery (Premium), Unified DLP, and Data Governance. Two specific features, PST Import and eDiscovery Export, currently don't support Azure ExpressRoute with only Office 365 route filters due to their dependency on Azure Blob Storage. To consume those features, you need separate connectivity to Azure Blob Storage using any supportable Azure connectivity options, which include Internet connectivity or Azure ExpressRoute with Azure Public route filters. You have to evaluate establishing such connectivity for both of those features. The Office 365 Information Protection team is aware of this limitation and is actively working to bring support for Azure ExpressRoute for Office 365 as limited to Office 365 route filters for both of those features.
+- The Security and Compliance Center (SCC) provides support for Azure ExpressRoute for Microsoft 365. The same applies for many features exposed through the SCC such as Reporting, Auditing, eDiscovery (Premium), Unified DLP, and Data Governance. Two specific features, PST Import and eDiscovery Export, currently don't support Azure ExpressRoute with only Microsoft 365 route filters due to their dependency on Azure Blob Storage. To consume those features, you need separate connectivity to Azure Blob Storage using any supportable Azure connectivity options, which include Internet connectivity or Azure ExpressRoute with Azure Public route filters. You have to evaluate establishing such connectivity for both of those features. The Microsoft 365 Information Protection team is aware of this limitation and is actively working to bring support for Azure ExpressRoute for Microsoft 365 as limited to Microsoft 365 route filters for both of those features.
- There are additional optional endpoints for Microsoft 365 Apps for enterprise that aren't listed and aren't required for users to launch Microsoft 365 Apps for enterprise applications and edit documents. Optional endpoints are hosted in Microsoft data centers and don't process, transmit, or store customer data. We recommend that user connections to these endpoints be directed to the default Internet egress perimeter.
enterprise Urls And Ip Address Ranges 21Vianet https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges-21vianet.md
Title: "URLs and IP address ranges for Office 365 operated by 21Vianet"
+ Title: "URLs and IP address ranges for Microsoft 365 operated by 21Vianet"
ms.assetid: 5c47c07d-f9b6-4b78-a329-bfdc1b6da7a0
f1.keywords: - NOCSH
-description: This article lists the URLs and IP address ranges for Office 365 when operated by 21Vianet in China.
+description: This article lists the URLs and IP address ranges for Microsoft 365 when operated by 21Vianet in China.
hideEdit: true
-# URLs and IP address ranges for Office 365 operated by 21Vianet
+# URLs and IP address ranges for Microsoft 365 operated by 21Vianet
-*Applies To: Office 365 operated by 21Vianet - Small Business Admin, Office 365 operated by 21Vianet - Admin*
+*Applies To: Microsoft 365 operated by 21Vianet - Small Business Admin, Microsoft 365 operated by 21Vianet - Admin*
-**Summary**: The following endpoints (FQDNs, ports, URLs, IPv4, and IPv6 prefixes) apply to Office 365 operated by 21 Vianet and are designed to deliver productivity services to organizations using only these plans.
+**Summary**: The following endpoints (FQDNs, ports, URLs, IPv4, and IPv6 prefixes) apply to Microsoft 365 operated by 21 Vianet and are designed to deliver productivity services to organizations using only these plans.
-**Office 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) | *Office 365 operated by 21 Vianet* | [Office 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) | [Office 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md) |
+**Microsoft 365 endpoints:** [Worldwide (including GCC)](urls-and-ip-address-ranges.md) | *Microsoft 365 operated by 21 Vianet* | [Microsoft 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) | [Microsoft 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md) |
**Last updated:** 12/01/2023 - ![RSS.](../media/5dc6bb29-25db-4f44-9580-77c735492c4b.png) [Change Log subscription](https://endpoints.office.com/version/China?allversions=true&format=rss&clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) **Download:** all required and optional destinations in one [JSON formatted](https://endpoints.office.com/endpoints/China?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7) list.
-Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
+Start with [Managing Microsoft 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
-Endpoint data below lists requirements for connectivity from a userΓÇÖs machine to Office 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections.
+Endpoint data below lists requirements for connectivity from a userΓÇÖs machine to Microsoft 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections.
The endpoints are grouped into four service areas. The first three service areas can be independently selected for connectivity. The fourth service area is a common dependency (called Microsoft 365 Common and Office) and must always have network connectivity.
Data columns shown are:
- **Category**: Shows whether the endpoint set is categorized as ΓÇ£OptimizeΓÇ¥, ΓÇ£AllowΓÇ¥, or ΓÇ£DefaultΓÇ¥. You can read about these categories and guidance for management of them at [https://aka.ms/pnc](./microsoft-365-network-connectivity-principles.md). This column also lists which endpoint sets are required to have network connectivity. For endpoint sets, which aren't required to have network connectivity, we provide notes in this field to indicate what functionality would be missing if the endpoint set is blocked. If you're excluding an entire service area, the endpoint sets listed as required don't require connectivity. -- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Office 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is **No**.
+- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is **No**.
- **Addresses**: Lists the FQDNs or wildcard domain names and IP Address ranges for the endpoint set. Note that an IP Address range is in CIDR format and may include many individual IP Addresses in the specified network. - **Ports**: Lists the TCP or UDP ports that are combined with the Addresses to form the network endpoint. You may notice some duplication in IP Address ranges where there are different ports listed.
enterprise Urls And Ip Address Ranges https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/enterprise/urls-and-ip-address-ranges.md
Title: "Office 365 URLs and IP address ranges"
+ Title: "Microsoft 365 URLs and IP address ranges"
- scotvorg - M365-subscription-management - Strat_O365_Enterprise
+- must-keep
f1.keywords: - CSH
search.appverid:
- MOM160 - BCS160 ms.assetid: 8548a211-3fe7-47cb-abb1-355ea5aa88a2
-description: "Summary: Office 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Office 365 plans, including Government Community Cloud (GCC)."
+description: "Summary: Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 plans, including Government Community Cloud (GCC)."
hideEdit: true
-# Office 365 URLs and IP address ranges
+# Microsoft 365 URLs and IP address ranges
-Office 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Office 365 plans, including Government Community Cloud (GCC).
+Microsoft 365 requires connectivity to the Internet. The endpoints below should be reachable for customers using Microsoft 365 plans, including Government Community Cloud (GCC).
-*Office 365 Worldwide (+GCC)* \| [Office 365 operated by 21 Vianet](urls-and-ip-address-ranges-21vianet.md) \| [Office 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) \| [Office 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md) \|
+*Microsoft 365 Worldwide (+GCC)* \| [Microsoft 365 operated by 21 Vianet](urls-and-ip-address-ranges-21vianet.md) \| [Microsoft 365 U.S. Government DoD](microsoft-365-u-s-government-dod-endpoints.md) \| [Microsoft 365 U.S. Government GCC High](microsoft-365-u-s-government-gcc-high-endpoints.md) \|
|Notes|Download|Use| |||| |**Last updated:** 01/30/2024 - ![RSS.](../medi#pacfiles)| |
-Start with [Managing Office 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This cadence allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
+Start with [Managing Microsoft 365 endpoints](managing-office-365-endpoints.md) to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This cadence allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the [Web service](microsoft-365-ip-web-service.md) directly.
-Endpoint data below lists requirements for connectivity from a user's machine to Office 365. For detail on IP addresses used for network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections, see [Additional endpoints](additional-office365-ip-addresses-and-urls.md) for more information.
+Endpoint data below lists requirements for connectivity from a user's machine to Microsoft 365. For detail on IP addresses used for network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections, see [Additional endpoints](additional-office365-ip-addresses-and-urls.md) for more information.
The endpoints are grouped into four service areas representing the three primary workloads and a set of common resources. The groups may be used to associate traffic flows with a particular application, however given that features often consume endpoints across multiple workloads, these groups can't effectively be used to restrict access.
Data columns shown are:
- **Category**: Shows whether the endpoint set is categorized as **Optimize**, **Allow**, or **Default**. This column also lists which endpoint sets are required to have network connectivity. For endpoint sets that aren't required to have network connectivity, we provide notes in this field to indicate what functionality would be missing if the endpoint set is blocked. If you're excluding an entire service area, the endpoint sets listed as required don't require connectivity.
- You can read about these categories and guidance for their management in [New Office 365 endpoint categories](microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories).
+ You can read about these categories and guidance for their management in [New Microsoft 365 endpoint categories](microsoft-365-network-connectivity-principles.md#new-office-365-endpoint-categories).
-- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Office 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute is not supported for this endpoint set.
+- **ER**: This is **Yes** if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is **No**, this means that ExpressRoute is not supported for this endpoint set.
Some routes may be advertised in more than one BGP community, making it possible for endpoints within a given IP range to traverse the ER circuit, but still be unsupported. In all cases, the value of a given endpoint set's ER column should be respected.
Data columns shown are:
> [!NOTE] > Microsoft has begun a long-term transition to providing services from the **cloud.microsoft** namespace to simplify the endpoints managed by our customers. If you are following existing guidance for allowing access to required endpoints as listed below, thereΓÇÖs no further action required from you. > [!NOTE] > For recommendations on Viva Engage IP addresses and URLs, see [Using hard-coded IP addresses for Viva Engage is not recommended](https://techcommunity.microsoft.com/t5/yammer-Blog/Using-hard-coded-IP-addresses-for-yammer-is-not-recommended/ba-p/276592) on the Viva Engage blog. ## Related Topics
-[Additional endpoints not included in the Office 365 IP Address and URL Web service](additional-office365-ip-addresses-and-urls.md)
+[Additional endpoints not included in the Microsoft 365 IP Address and URL Web service](additional-office365-ip-addresses-and-urls.md)
-[Managing Office 365 endpoints](managing-office-365-endpoints.md)
+[Managing Microsoft 365 endpoints](managing-office-365-endpoints.md)
[General Microsoft Stream endpoints](/stream/network-overview#general-microsoft-stream-endpoints)
includes Microsoft 365 Content Updates https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/includes/microsoft-365-content-updates.md
+## Week of January 29, 2024
++
+| Published On |Topic title | Change |
+|||--|
+| 1/29/2024 | [GDPR simplified: A guide for your small business](/microsoft-365/admin/security-and-compliance/gdpr-compliance?view=o365-worldwide) | modified |
+| 1/29/2024 | [Accept an email invitation to a Microsoft 365 for business subscription organization using an Outlook, Yahoo, Gmail or other account (User)](/microsoft-365/admin/simplified-signup/user-invite-msa-nodomain-join?view=o365-worldwide) | modified |
+| 1/29/2024 | [SharePoint Cross-tenant SharePoint migration Step 5 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step5?view=o365-worldwide) | modified |
+| 1/29/2024 | [SharePoint site Cross-tenant SharePoint migration Step 6 (preview)](/microsoft-365/enterprise/cross-tenant-sharepoint-migration-step6?view=o365-worldwide) | modified |
+| 1/29/2024 | [Mailbox utilization service alerts](/microsoft-365/enterprise/microsoft-365-mailbox-utilization-service-alerts?view=o365-worldwide) | modified |
+| 1/29/2024 | [Microsoft Azure Architectures for SharePoint 2013](/microsoft-365/enterprise/microsoft-azure-architectures-for-sharepoint-2013?view=o365-worldwide) | modified |
+| 1/29/2024 | [Deploy Microsoft Defender for Endpoint on Linux with SaltStack](/microsoft-365/security/defender-endpoint/linux-install-with-saltack?view=o365-worldwide) | modified |
+| 1/29/2024 | [Collect support logs in Microsoft Defender for Endpoint using live response](/microsoft-365/security/defender-endpoint/troubleshoot-collect-support-log?view=o365-worldwide) | modified |
+| 1/29/2024 | [Microsoft Defender Antivirus event IDs and error codes](/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-worldwide) | modified |
+| 1/29/2024 | [Step 2. Configure Microsoft Outlook](/microsoft-365/solutions/apps-config-step-2?view=o365-worldwide) | modified |
+| 1/29/2024 | [Key Compliance and Security Considerations for the Energy Industry](/microsoft-365/solutions/energy-secure-collaboration?view=o365-worldwide) | modified |
+| 1/29/2024 | [To identity and beyondΓÇöOne architect's viewpoint](/microsoft-365/solutions/identity-design-principles?view=o365-worldwide) | modified |
+| 1/29/2024 | [Communicating with Microsoft Defender Experts](/microsoft-365/security/defender/communicate-defender-experts-xdr?view=o365-worldwide) | added |
+| 1/29/2024 | [How to use the Microsoft Defender Experts for XDR service](/microsoft-365/security/defender/start-using-mdex-xdr?view=o365-worldwide) | modified |
+| 1/29/2024 | [How to schedule an update of the Microsoft Defender for Endpoint (Linux)](/microsoft-365/security/defender-endpoint/linux-update-mde-linux?view=o365-worldwide) | modified |
+| 1/29/2024 | [What's new in Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-whatsnew?view=o365-worldwide) | modified |
+| 1/30/2024 | [Protect macOS security settings with tamper protection](/microsoft-365/security/defender-endpoint/tamperprotection-macos?view=o365-worldwide) | modified |
+| 1/30/2024 | [Get started with Microsoft Defender Experts for XDR](/microsoft-365/security/defender/get-started-xdr?view=o365-worldwide) | modified |
+| 1/30/2024 | [View Microsoft 365 account license and service details with PowerShell](/microsoft-365/enterprise/view-account-license-and-service-details-with-microsoft-365-powershell?view=o365-worldwide) | modified |
+| 1/30/2024 | [Microsoft 365 OneDrive usage reports](/microsoft-365/admin/activity-reports/onedrive-for-business-usage-ww?view=o365-worldwide) | modified |
+| 1/30/2024 | [Microsoft 365 network provider assessments.](/microsoft-365/enterprise/office-365-network-mac-perf-nppdata?view=o365-worldwide) | modified |
+| 1/30/2024 | [Network provider connectivity attribution in the Microsoft 365 Admin Center](/microsoft-365/enterprise/office-365-network-mac-perf-nppux?view=o365-worldwide) | modified |
+| 1/30/2024 | [Network connectivity in the Microsoft 365 Admin Center](/microsoft-365/enterprise/office-365-network-mac-perf-overview?view=o365-worldwide) | modified |
+| 1/30/2024 | [Configuration analyzer for security policies](/microsoft-365/security/office-365-security/configuration-analyzer-for-security-policies?view=o365-worldwide) | modified |
+| 1/31/2024 | [Network provider details in the Microsoft 365 Admin Center (PREVIEW)](/microsoft-365/enterprise/office-365-network-mac-perf-nppdetails?view=o365-worldwide) | added |
+| 1/31/2024 | [Security advisories](/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses-security-advisories?view=o365-worldwide) | added |
+| 1/31/2024 | [Vulnerability methods and properties](/microsoft-365/security/defender-endpoint/api/vulnerability?view=o365-worldwide) | modified |
+| 1/31/2024 | [Use basic permissions to access the portal](/microsoft-365/security/defender-endpoint/basic-permissions?view=o365-worldwide) | modified |
+| 1/31/2024 | [Vulnerabilities in my organization](/microsoft-365/security/defender-vulnerability-management/tvm-weaknesses?view=o365-worldwide) | modified |
+| 1/31/2024 | [Automatic attack disruption in Microsoft Defender XDR](/microsoft-365/security/defender/automatic-attack-disruption?view=o365-worldwide) | modified |
+| 1/31/2024 | [Microsoft 365 for frontline workers - scenario posters](/microsoft-365/frontline/flw-scenario-posters?view=o365-worldwide) | modified |
+| 1/31/2024 | [Threat protection report in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/threat-protection-reports?view=o365-worldwide) | modified |
+| 2/1/2024 | [Deploy and manage device control in Microsoft Defender for Endpoint with Group Policy](/microsoft-365/security/defender-endpoint/device-control-deploy-manage-gpo?view=o365-worldwide) | added |
+| 2/1/2024 | [Deploy and manage device control in Microsoft Defender for Endpoint with Microsoft Intune](/microsoft-365/security/defender-endpoint/device-control-deploy-manage-intune?view=o365-worldwide) | added |
+| 2/1/2024 | [Microsoft Defender for Endpoint Device Control frequently asked questions](/microsoft-365/security/defender-endpoint/device-control-faq?view=o365-worldwide) | renamed |
+| 2/1/2024 | [Device control in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/device-control-overview?view=o365-worldwide) | added |
+| 2/1/2024 | [Device control policies in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/device-control-policies?view=o365-worldwide) | added |
+| 2/1/2024 | [Device control walkthroughs](/microsoft-365/security/defender-endpoint/device-control-walkthroughs?view=o365-worldwide) | added |
+| 2/1/2024 | Deploy and manage using group policy | removed |
+| 2/1/2024 | Deploy and manage printer protection using Intune | removed |
+| 2/1/2024 | Deploy and manage Removable Storage Access Control using group policy | removed |
+| 2/1/2024 | Deploy and manage Removable Storage Access Control using Intune | removed |
+| 2/1/2024 | Microsoft Defender for Endpoint Device Control Removable Storage Access Control, removable storage media | removed |
+| 2/1/2024 | Microsoft Defender for Endpoint Device Control Removable Storage Protection | removed |
+| 2/1/2024 | [View device control events and information in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/device-control-report?view=o365-worldwide) | modified |
+| 2/1/2024 | Microsoft Defender for Endpoint Device Control Device Installation | removed |
+| 2/1/2024 | Printer Protection frequently asked questions | removed |
+| 2/1/2024 | Printer Protection Overview | removed |
+| 2/1/2024 | Microsoft Defender for Endpoint Device Control Printer Protection | removed |
+| 2/1/2024 | [How Microsoft identifies malware and potentially unwanted applications](/microsoft-365/security/intelligence/criteria?view=o365-worldwide) | modified |
+| 2/2/2024 | [Synchronize users in multitenant organizations in Microsoft 365 (Preview)](/microsoft-365/enterprise/sync-users-multi-tenant-orgs?view=o365-worldwide) | modified |
+| 2/2/2024 | [View licensed and unlicensed Microsoft 365 users with PowerShell](/microsoft-365/enterprise/view-licensed-and-unlicensed-users-with-microsoft-365-powershell?view=o365-worldwide) | modified |
+| 2/2/2024 | [View Microsoft 365 licenses and services with PowerShell](/microsoft-365/enterprise/view-licenses-and-services-with-microsoft-365-powershell?view=o365-worldwide) | modified |
+| 2/2/2024 | [Attack surface reduction rules reference](/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide) | modified |
+| 2/2/2024 | [Microsoft Defender XDR # < 60 chars](/microsoft-365/security/defender/index?view=o365-worldwide) | modified |
++ ## Week of January 22, 2024
| 1/5/2024 | [Advanced hunting in multi-tenant management in Microsoft Defender XDR](/microsoft-365/security/defender/mto-advanced-hunting?view=o365-worldwide) | modified | | 1/5/2024 | [Analyze your first incident in Microsoft Defender XDR](/microsoft-365/security/defender/respond-first-incident-analyze?view=o365-worldwide) | modified | | 1/5/2024 | [Investigate malicious email that was delivered in Microsoft 365, Find and investigate malicious email](/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-worldwide) | modified |--
-## Week of December 25, 2023
--
-| Published On |Topic title | Change |
-|||--|
-| 12/28/2023 | [Advanced data residency in Microsoft 365](/microsoft-365/enterprise/advanced-data-residency?view=o365-worldwide) | modified |
-| 12/28/2023 | [Azure integration with Microsoft 365](/microsoft-365/enterprise/azure-integration?view=o365-worldwide) | modified |
-| 12/28/2023 | [How to configure Exchange Server on-premises to use Hybrid Modern Authentication](/microsoft-365/enterprise/configure-exchange-server-for-hybrid-modern-authentication?view=o365-worldwide) | modified |
-| 12/28/2023 | [Configure Microsoft 365 user account properties with PowerShell](/microsoft-365/enterprise/configure-user-account-properties-with-microsoft-365-powershell?view=o365-worldwide) | modified |
-| 12/28/2023 | [Connect an on-premises network to a Microsoft Azure virtual network](/microsoft-365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network?view=o365-worldwide) | modified |
-| 12/28/2023 | [Step 1. Determine your cloud identity model](/microsoft-365/enterprise/deploy-identity-solution-identity-model?view=o365-worldwide) | modified |
-| 12/28/2023 | [Disable access to Microsoft 365 services with PowerShell](/microsoft-365/enterprise/disable-access-to-services-with-microsoft-365-powershell?view=o365-worldwide) | modified |
-| 12/28/2023 | [Hybrid Modern Authentication overview and prerequisites for use with on-premises Skype for Business and Exchange servers](/microsoft-365/enterprise/hybrid-modern-auth-overview?view=o365-worldwide) | modified |
-| 12/28/2023 | [Overview and Definitions](/microsoft-365/enterprise/m365-dr-overview?view=o365-worldwide) | modified |
-| 12/28/2023 | [Data Residency for Other Microsoft 365 Services](/microsoft-365/enterprise/m365-dr-workload-other?view=o365-worldwide) | modified |
-| 12/28/2023 | [Data Residency for SharePoint Online and OneDrive for Business](/microsoft-365/enterprise/m365-dr-workload-spo?view=o365-worldwide) | modified |
-| 12/28/2023 | [Manage Microsoft 365 user accounts](/microsoft-365/enterprise/manage-microsoft-365-accounts?view=o365-worldwide) | modified |
-| 12/28/2023 | [Microsoft 365 endpoints](/microsoft-365/enterprise/microsoft-365-endpoints?view=o365-worldwide) | modified |
-| 12/28/2023 | [Microsoft 365 integration with on-premises environments](/microsoft-365/enterprise/microsoft-365-integration?view=o365-worldwide) | modified |
-| 12/28/2023 | [Special considerations for Stream and Teams events in VPN environments](/microsoft-365/enterprise/microsoft-365-vpn-stream-and-live-events?view=o365-worldwide) | modified |
-| 12/28/2023 | [Prepare a nonroutable domain for directory synchronization](/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization?view=o365-worldwide) | modified |
-| 12/28/2023 | [Remove Microsoft 365 licenses from user accounts with PowerShell](/microsoft-365/enterprise/remove-licenses-from-user-accounts-with-microsoft-365-powershell?view=o365-worldwide) | modified |
-| 12/28/2023 | [Set up directory synchronization for Microsoft 365](/microsoft-365/enterprise/set-up-directory-synchronization?view=o365-worldwide) | modified |
-| 12/28/2023 | [Turn off directory synchronization for Microsoft 365](/microsoft-365/enterprise/turn-off-directory-synchronization?view=o365-worldwide) | modified |
-| 12/28/2023 | [View Microsoft 365 licenses and services with PowerShell](/microsoft-365/enterprise/view-licenses-and-services-with-microsoft-365-powershell?view=o365-worldwide) | modified |
-| 12/28/2023 | [View Microsoft 365 user accounts with PowerShell](/microsoft-365/enterprise/view-user-accounts-with-microsoft-365-powershell?view=o365-worldwide) | modified |
-| 12/28/2023 | [Microsoft 365 cloud-only identity](/microsoft-365/enterprise/cloud-only-identities?view=o365-worldwide) | modified |
-| 12/28/2023 | [Step 3: Protect your Microsoft 365 user accounts](/microsoft-365/enterprise/microsoft-365-secure-sign-in?view=o365-worldwide) | modified |
-| 12/28/2023 | [Prepare for directory synchronization to Microsoft 365](/microsoft-365/enterprise/prepare-for-directory-synchronization?view=o365-worldwide) | modified |
-| 12/28/2023 | [Step 2. Protect your Microsoft 365 privileged accounts](/microsoft-365/enterprise/protect-your-global-administrator-accounts?view=o365-worldwide) | modified |
-| 12/29/2023 | [AADSignInEventsBeta table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-aadsignineventsbeta-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [AlertEvidence table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-alertevidence-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [BehaviorInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-behaviorinfo-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [CloudAppEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-cloudappevents-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [DeviceEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceevents-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [DeviceFileEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicefileevents-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [DeviceImageLoadEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceimageloadevents-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [DeviceInfo table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceinfo-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [DeviceLogonEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-devicelogonevents-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [DeviceProcessEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceprocessevents-table?view=o365-worldwide) | modified |
-| 12/29/2023 | [DeviceRegistryEvents table in the advanced hunting schema](/microsoft-365/security/defender/advanced-hunting-deviceregistryevents-table?view=o365-worldwide) | modified |
security Minimum Requirements https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender-endpoint/minimum-requirements.md
Devices on your network must be running one of these editions. New features or c
### Supported Windows versions - Windows 11 Enterprise-- Windows 11 Enterprise IoT
+- Windows 11 IoT Enterprise
- Windows 11 Education - Windows 11 Pro - Windows 11 Pro Education - Windows 10 Enterprise - [Windows 10 Enterprise LTSC 2016 (or later)](/windows/whats-new/ltsc/)-- Windows 10 Enterprise IoT (including LTSC)
+- Windows 10 IoT Enterprise (including LTSC)
- Windows 10 Education - Windows 10 Pro - Windows 10 Pro Education
security Communicate Defender Experts Xdr https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/communicate-defender-experts-xdr.md
description: Defender Experts for XDR has multiple channels to discuss incidents, managed response, and service support keywords: XDR, Xtended detection and response, defender experts for xdr, Microsoft Defender Experts for XDR, managed threat hunting, managed detection and response (MDR) service, service delivery manager, Managed response in Teams, real-time visibility with XDR experts, ask defender experts + ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security
audience: ITPro
- m365-security - tier1
- - essentials-overview
+ - essentials-manage
search.appverid: met150 Last updated 01/29/2024
security Microsoft Sentinel Onboard https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/security/defender/microsoft-sentinel-onboard.md
To onboard and use Microsoft Sentinel in the Microsoft Defender portal, you must
- A Microsoft Entra tenant that's allow-listed by Microsoft to connect a workspace through the Defender portal - A Log Analytics workspace that has Microsoft Sentinel enabled-- The data connector for Microsoft Defender XDR (formerly named Microsoft Defender XDR) enabled in Microsoft Sentinel for incidents and alerts
+- The data connector for Microsoft Defender XDR (formerly named Microsoft 365 Defender) enabled in Microsoft Sentinel for incidents and alerts
- Microsoft Defender XDR onboarded to the Microsoft Entra tenant - An Azure account with the appropriate roles to onboard and use Microsoft Sentinel in the Defender portal. The following table highlights some of the key roles needed.
syntex Structured Freeform Setup https://github.com/MicrosoftDocs/microsoft-365-docs/commits/public/microsoft-365/syntex/structured-freeform-setup.md
You also need to [allocate AI Builder credits](/power-platform/admin/capacity-ad
If you have [AI Builder credits allocated](/power-platform/admin/capacity-add-on) to the environment, these credits will be used first. Once the credits are exhausted, the processing transactions are charged to the meter.
-When using a custom environment, model creators must be assigned the Environment Maker security role and model users must be assigned the Basic User security role. For more information, see [Assign a security role to a user](/power-platform/admin/assign-security-roles). Custom security roles can be created to specifically grant access to the AI Builder tables as the Environment Maker role so those users can create models. You don't need to assign users this role if you're using the default Power Platform environment.
+When using a custom environment, model creators must be assigned the Environment Maker security role. Model users must have permission to use (not edit) the model file in SharePoint libraries. For more information, see [Assign a security role to a user](/power-platform/admin/assign-security-roles). Custom security roles can be created to specifically grant access to the AI Builder tables as the Environment Maker role so those users can create models. You don't need to assign users this role if you're using the default Power Platform environment.
<! Users creating models in a [content center site](create-a-content-center.md) must be site members. Users creating models locally outside the content center must be site owners of those sites.>