{ "AzureCloud": [ { "name": "OfficeActivation_App", "priority": 100, "ruleCollectionType": "FirewallPolicyFilterRuleCollection", "action": { "type": "Allow" }, "rules": [ { "ruleType": "ApplicationRule", "name": "activation", "protocols": [ { "protocolType": "Http", "port": 80 }, { "protocolType": "Https", "port": 443 } ], "fqdnTags": [], "webCategories": [], "targetFqdns": [ // From https://learn.microsoft.com/en-us/office/troubleshoot/activation/sign-in-issues and https://learn.microsoft.com/en-us/office/troubleshoot/activation/temporary-server-issues "activation.sls.microsoft.com", "officecdn.microsoft.com", "ols.officeapps.live.com", "odc.officeapps.live.com", "Office15client.microsoft.com", "cdn.odc.officeapps.live.com", "officeclient.microsoft.com" ], "targetUrls": [], "terminateTLS": false, "sourceIpGroups": ["{{ipAddressPool}}"] } ] }, { "name": "OfficeCertificates_App", "priority": 200, "ruleCollectionType": "FirewallPolicyFilterRuleCollection", "action": { "type": "Allow" }, "rules": [ { "ruleType": "ApplicationRule", "name": "CRL", "protocols": [ { "protocolType": "Http", "port": 80 }, { "protocolType": "Https", "port": 443 } ], "fqdnTags": [], "webCategories": [], "targetFqdns": [ "crl.microsoft.com", "*.entrust.net", "*.geotrust.com", "*.omniroot.com", "*.public-trust.com", "*.symcb.com", "*.symcd.com", "*.verisign.com", "*.verisign.net", "apps.identrust.com", "cacerts.digicert.com", "cert.int-x3.letsencrypt.org", "crl.globalsign.com", "crl.globalsign.net", "crl.identrust.com", "crl3.digicert.com", "crl4.digicert.com", "isrg.trustid.ocsp.identrust.com", "mscrl.microsoft.com", "ocsp.digicert.com", "ocsp.globalsign.com", "ocsp.msocsp.com", "ocsp2.globalsign.com", "ocspx.digicert.com", "secure.globalsign.com", "www.digicert.com", "www.microsoft.com", "ocsp.int-x3.letsencrypt.org" ], "targetUrls": [], "terminateTLS": false, "sourceIpGroups": ["{{ipAddressPool}}"] } ] } ], "AzureUSGovernment": [ // TODO: These URLs might require revision for AzureUSGovernment { "name": "OfficeActivation_App", "priority": 100, "ruleCollectionType": "FirewallPolicyFilterRuleCollection", "action": { "type": "Allow" }, "rules": [ { "ruleType": "ApplicationRule", "name": "activation", "protocols": [ { "protocolType": "Http", "port": 80 }, { "protocolType": "Https", "port": 443 } ], "fqdnTags": [], "webCategories": [], "targetFqdns": [ // From https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-u-s-government-gcc-high-endpoints?view=o365-worldwide "activation.sls.microsoft.com", "officecdn.microsoft.com", "ols.officeapps.live.com", "odc.officeapps.live.com", "Office15client.microsoft.com", "cdn.odc.officeapps.live.com", "officeclient.microsoft.com" ], "targetUrls": [], "terminateTLS": false, "sourceIpGroups": ["{{ipAddressPool}}"] } ] }, { "name": "OfficeCertificates", "priority": 200, "ruleCollectionType": "FirewallPolicyFilterRuleCollection", "action": { "type": "Allow" }, "rules": [ { "ruleType": "ApplicationRule", "name": "CRL", "protocols": [ { "protocolType": "Http", "port": 80 }, { "protocolType": "Https", "port": 443 } ], "fqdnTags": [], "webCategories": [], "targetFqdns": [ "crl.microsoft.com", "*.entrust.net", "*.geotrust.com", "*.omniroot.com", "*.public-trust.com", "*.symcb.com", "*.symcd.com", "*.verisign.com", "*.verisign.net", "apps.identrust.com", "cacerts.digicert.com", "cert.int-x3.letsencrypt.org", "crl.globalsign.com", "crl.globalsign.net", "crl.identrust.com", "crl3.digicert.com", "crl4.digicert.com", "isrg.trustid.ocsp.identrust.com", "mscrl.microsoft.com", "ocsp.digicert.com", "ocsp.globalsign.com", "ocsp.msocsp.com", "ocsp2.globalsign.com", "ocspx.digicert.com", "secure.globalsign.com", "www.digicert.com", "www.microsoft.com", "ocsp.int-x3.letsencrypt.org" ], "targetUrls": [], "terminateTLS": false, "sourceIpGroups": ["{{ipAddressPool}}"] } ] } ] }