![]() One of the domains of "Office 365 Worldwide Services" is *., that's why it's possible to have the same IPs for domains of and and that's why it's matched on this object. I tried to see the resolving responses of domains of, all of them returned domains of as their canonical name. ![]() Hi object "Office 365 Worldwide Services" contains IP addresses and domains as part of its content.ġ04.46.60.117 is not part of the IP addresses ranges of this object, this is correct, but it should be part of the domains associated to this object, that's why it's matched on it. Herewith some of the IPs we've had to add: My impression is that the current implementation is really half baked and whilst it ticks some boxes isn't reliable. There are again never ending hosts that we have to continually manually add to allowed network group objects. We drop requests to unknown or uncategorised sites and want to allow 'Azure AD Connect' and 'Azure AD Application Proxy' hosts to connect back to Microsoft. ![]() We subsequently created a rule that allows access to 'Azure Active Directory Domain Public Services' and 'Azure Active Directory Public Services' but many requests flow to destinations not covered by these.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |