Around April 2018 Microsoft announced that on October 2, 2018 they would be discontinuing the Office 365 IP Address feed in XML format. In that doc they also announced they would be creating a new feed in JSON or CSV format.
Those of us that use the WSA and Office 365 likely have a Custom URL Category that uses this XML feed for whitelisting all O365 IPs.
On October 31 around 8 pm eastern time my WSAs started throwing errors stating they were unable to get to the XML feed.
The error looked like this.
The Warning message is:
A protocol error occurred while communicating with the feed server.
Error: 'The requested file is not found on the server'
External URL Category: ASI..BypassO365
Feed Address: https://support.content.office.net/en-us/static/O365IPAddresses.xml
Product: Cisco S100V Web Security Virtual Appliance
Serial Number: 421344604DAA68FEDC57-A11112988135
Timestamp: 31 Oct 2018 12:15:43 -0400
Of course, I didn’t know MS was discontinuing the XML feed because, well life, so when I saw these errors I started looking around. I found the above links explaining the MS change. Then I realized I can’t just plug the new JSON URL into my SMA or my WSAs. I checked the WSA release notes for 11.5(1)124 and saw this
Office 365 Web Service External URL Categories
You can configure your appliance with Microsoft Office 365 web service's external live feed which serves URLs and IPs. The web service URL must not contain a ClientRequestId, and must have JSON as the format.
Ok looks good. I upgraded one of my WSAs to 11.5(1)124 and was then able to select Office 365 Web Service.
In the Web Service URL use this address
Do not add ClientRequestID like the MS document states. The WSA will dynamically generate that for you.
At this time the latest version of code for my SMA is 11.5, but the Configuration Master is still 11.0. Further the latest SMA code does not support the new Office 365 JSON feed format so you will have to manually configure the JSON feed URL on all of your Web Security Appliances.