Microsoft 365 CDN URLs

Kevin Hawkins 141 Reputation points
2023-09-05T09:01:49.5366667+00:00

Hi all,

We are currently upgrading Office 2013 to 365, we have concerns deploying to VPN users as there is a solid possibility to max out the line. We want to deploy Microsoft 365 Apps for Enterprise to VPN users via the CDN deployment rather than the complete SCCM package. We want to enable split tunnelling and allow users to reach out to Microsoft locally for installation.

We are trying to limit the URLs we open for the VPN split tunnelling to CDN URLs only. Microsoft have a full list for 365 online here;

https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

Has anyone, or does anyone know what URLs we need to add to allow CDN access ONLY on the VPN so users can reach out to Microsoft to download the installer source files for the installation? I know this may not be a supported configuration, but it is something that we need to try.

Thanks

Microsoft 365 and Office | Install, redeem, activate | For business | Windows
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Barry Evanz 235 Reputation points
    2023-10-16T17:40:57.2233333+00:00

    To restrict VPN split tunneling to specific CDN URLs, consider utilizing the following list of URLs, focusing on Microsoft 365 Apps for Enterprise CDN deployment.

    *.officeapps.live.com

    *.office.com

    *.officecdn.microsoft.com

    *.office365.com

    These URLs encompass the essential Microsoft 365 Apps for Enterprise CDN resources. By integrating this list into your VPN split tunneling configuration, users can access the CDN for downloading installation source files efficiently.

    It's crucial to acknowledge that this configuration falls outside Microsoft's official support parameters. Office 365 Apps for Enterprise typically doesn't endorse the use of split tunneling. However, this approach may offer a practical solution to deploy Office 365 Apps for Enterprise to VPN users without overloading the network connection.

    Depending on your specific environment, you may need to adjust the URL list, particularly if you employ a custom domain for your Office 365 tenant. Rigorously test this configuration in a controlled environment before deploying it to your production network. Continuously monitor your VPN connection's performance post-deployment to ensure it doesn't adversely impact other applications.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.