1 Reply Latest reply on Nov 22, 2017 10:21 AM by Jon Scholten

    Whitelisting question

    tribunal

      We are having some issues with Skype for Business where people can't authenticate or are continuously getting prompts to authenticate.  I've already whitelisted everything required by Microsoft (You can see them at Office 365 URLs and IP address ranges - Office 365 )

       

      My question is, we typically whitelist by either *.domain.com or *domain.com.  We have found in our environment that the MWGs react differently based on where you put the *, and having *domain.com does not whitelist something like asdf.domain.com, it only whitelists anything that has domain.com as the ending without anything in front of it.  For example, *microsoft.com does not whitelist asdf.microsoft.com, it only whitelists anything like asdfmicrosoft.com. 

       

      This makes me wonder if *.domain.com includes everything in front or do I need to put *.*.domain.com if necessary?  For example, I've whitelisted *.microsoftonline.com but in cases where an address is something like api.login.microsoftonline.com, do I need to use *.*.microsoftonline.com as a whitelist entry?  Hopefully I made this question understandable but please let me know if you need clarification.  Thank you.