Oct 2018 – Office 365 XML Feed Change

Around April 2018 Microsoft announced that on October 2, 2018 they would be discontinuing the Office 365 IP Address feed in XML format. In that doc they also announced they would be creating a new feed in JSON or CSV format.

Office 365 endpoint categories and Office 365 IP Address and URL web service

Microsoft Is Changing How They Publish Office 365 IP Addresses and Urls for Firewall and Proxy Access

Those of us that use the WSA and Office 365 likely have a Custom URL Category that uses this XML feed for whitelisting all O365 IPs.

On October 31 around 8 pm eastern time my WSAs started throwing errors stating they were unable to get to the XML feed.

The error looked like this.

The Warning message is:

A protocol error occurred while communicating with the feed server.

Error: ‘The requested file is not found on the server’
External URL Category: ASI..BypassO365
Feed Address: https://support.content.office.net/en-us/static/O365IPAddresses.xml

Product: Cisco S100V Web Security Virtual Appliance
Model: S100V
Version: 10.5.2-061
Serial Number: 421344604DAA68FEDC57-A11112988135
Timestamp: 31 Oct 2018 12:15:43 -0400

Of course, I didn’t know MS was discontinuing the XML feed because, well life, so when I saw these errors I started looking around. I found the above links explaining the MS change. Then I realized I can’t just plug the new JSON URL into my SMA or my WSAs. I checked the WSA release notes for 11.5(1)124 and saw this

Office 365 Web Service External URL Categories

You can configure your appliance with Microsoft Office 365 web service’s external live feed which serves URLs and IPs. The web service URL must not contain a ClientRequestId, and must have JSON as the format.

Ok looks good.   I upgraded one of my WSAs to 11.5(1)124 and was then able to select Office 365 Web Service.

In the Web Service URL use this address


Do not add ClientRequestID like the MS document states. The WSA will dynamically generate that for you.


WSA External URL Category Dialog

Here is a good doc from Microsoft explaining the change.

At this time the latest version of code for my SMA is 11.5, but the Configuration Master is still 11.0.  Further the latest SMA code does not support the new Office 365 JSON feed format so you will have to manually configure the JSON feed URL on all of your Web Security Appliances.


Leave a Reply

Your email address will not be published.