This article applies to:
- WebMarshal
- Microsoft 365 cloud services
Question:
- How can I exclude Microsoft 365 services from WebMarshal filtering?
- How can I block access to certain Microsoft 365 services with WebMarshal?
Background:
Microsoft maintains a web service that provides up to date lists of URLs used by Microsoft 365.
In WebMarshal 7.5.0 and above, WebMarshal can automatically retrieve these URLs for use in FileFilter and the Proxy Bypass functionality.
- See the User Guide and Help
You can add these FileFilter category listings to WebMarshal Categories, to apply rules to the URLs or exclude them from rules.
You can choose to add the All URLs list to the Proxy Bypass feature in WebMarshal Global Settings.
The FileFilter categories are:
- Microsoft 365 All URLs: Includes all URLs in the below categories
- Microsoft 365 Common: Includes URLs used by multiple Microsoft 365 services
- Microsoft 365 Exchange: Includes URLs used by Microsoft 365 Exchange Online
- Microsoft 365 Sharepoint: Includes URLs used by Microsoft 365 Sharepoint
- Microsoft 365 Skype: Includes URLs used by Microsoft 365 Skype
For more information about the URLs and categories, see the Microsoft 365 IP web service page maintained by Microsoft.
For details of FileFilter usage see WebMarshal Help.
Procedure (earlier versions):
In earlier versions of WebMarshal, to retrieve and apply these lists with WebMarshal, you can use the attached Powershell script "MicrosoftRangesFileFilter.ps1"
This script saves the lists in files formatted for use with WebMarshal FileFilter (7.1 and above - earlier versions do not support wildcards in FileFilter).
- Download the attached zip archive. Extract the script and copy it to the WebMarshal Array Manager server.
- If the Array Manager cannot be given Web access, use another computer that has access.
- Powershell 5.0 or above is required.
- The attached file (updated in December 2021) explicitly sets the TLS version for the connection to TLS 1.2.
- The script is unsigned. You may need to use the set-executionpolicy cmdlet to allow the script to run. Carefully consider local security policy before making settings.
- Run the script with Powershell.
- Save the output to the FileFilter source location (see below).
- Trustwave suggests that you run this script daily between 0100 and 0200 local time. (The FileFilter daily update to processing nodes occurs between 0200 and 0300).
- To specify the output location, use the -savePath parameter.
- If this parameter is not provided, the files are saved in the folder where the script is run.
- Note: Parameters that include spaces must be enclosed in single quotes.
- For example:
powershell .\MicrosoftRangesFileFilter.ps1 -savePath 'C:\Program Files\Trustwave\WebMarshal\ArrayManager\Policy\FilteringLists\FileFilter'
It is also possible to import the formatted files directly into WebMarshal categories in the WebMarshal Console. The import will return an error for the FileFilter header line, but all URLs will be imported.
Notes:
- The functionality included in version 7.5.0 and above is supported software.
- The Powershell script and documentation for earlier versions are not supported software.
- These materials have been created by Trustwave to assist customers.
- Customers should review the script and results carefully to determine applicability to their environment.