You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/data-sources/utility_microsoft_365_endpoint_reference.md
+150-4Lines changed: 150 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@ page_title: "microsoft365_utility_microsoft_365_endpoint_reference Data Source -
3
3
subcategory: "Utility"
4
4
5
5
description: |-
6
-
Retrieves Microsoft 365 network endpoints from the official Microsoft 365 IP Address and URL Web Service. This datasource queries https://endpoints.office.com to get current IP addresses, URLs, and ports for Microsoft 365 services. Useful for configuring firewalls, proxy servers, SD-WAN devices, and PAC files. Data is filtered by cloud instance (Worldwide, US Government, China) and can be narrowed by service area and category.
6
+
Retrieves Microsoft 365 network endpoints from the official Microsoft 365 IP Address and URL Web Service. This datasource queries https://endpoints.office.com with all service areas (MEM, Exchange, Skype, SharePoint, Common) to get current IP addresses, URLs, and ports for Microsoft 365 services including Intune/Endpoint Manager. Useful for configuring firewalls, proxy servers, SD-WAN devices, and PAC files. Data is filtered by cloud instance (Worldwide, US Government, China) and can be narrowed by service area and category.
7
7
See Managing Microsoft 365 endpoints https://learn.microsoft.com/en-us/microsoft-365/enterprise/managing-office-365-endpoints for configuration guidance.
8
8
---
9
9
@@ -76,6 +76,7 @@ See [Microsoft 365 Network Connectivity Principles](https://learn.microsoft.com/
76
76
77
77
## Service Areas
78
78
79
+
-**MEM**: Microsoft Endpoint Manager (Intune, Autopilot, Windows Updates, Remote Help)
for endpoint in data.microsoft365_utility_microsoft_365_endpoint_reference.mem_all.endpoints :
714
+
endpoint.category
715
+
]) :
716
+
category => [
717
+
for endpoint in data.microsoft365_utility_microsoft_365_endpoint_reference.mem_all.endpoints :
718
+
endpoint if endpoint.category == category
719
+
]
720
+
}
721
+
}
722
+
723
+
output "mem_firewall_rules" {
724
+
description = "Firewall rules for MEM endpoints"
725
+
value = local.mem_firewall_rules
726
+
}
727
+
728
+
output "mem_by_category" {
729
+
description = "MEM endpoints grouped by category (Allow/Default)"
730
+
value = {
731
+
for category, endpoints in local.mem_by_category :
732
+
category => {
733
+
count = length(endpoints)
734
+
urls = distinct(flatten([for ep in endpoints : coalesce(ep.urls, [])]))
735
+
ips = distinct(flatten([for ep in endpoints : coalesce(ep.ips, [])]))
736
+
}
737
+
}
738
+
}
739
+
740
+
# Example: Extract specific Intune services
741
+
output "intune_core_management" {
742
+
description = "Core Intune management endpoints (ID 163)"
743
+
value = [
744
+
for endpoint in data.microsoft365_utility_microsoft_365_endpoint_reference.mem_all.endpoints :
745
+
{
746
+
urls = coalesce(endpoint.urls, [])
747
+
ips = coalesce(endpoint.ips, [])
748
+
}
749
+
if endpoint.id == 163
750
+
]
751
+
}
752
+
753
+
output "windows_update_urls" {
754
+
description = "Windows Update delivery endpoints for Intune"
755
+
value = flatten([
756
+
for endpoint in data.microsoft365_utility_microsoft_365_endpoint_reference.mem_all.endpoints :
757
+
coalesce(endpoint.urls, [])
758
+
if(endpoint.notes != null && (
759
+
strcontains(lower(endpoint.notes), "windows") ||
760
+
strcontains(lower(endpoint.notes), "update")
761
+
)) ||
762
+
length([
763
+
for url in coalesce(endpoint.urls, []) :
764
+
url if strcontains(lower(url), "update") || strcontains(lower(url), "windowsupdate")
765
+
]) > 0
766
+
])
767
+
}
768
+
```
769
+
625
770
## Argument Reference
626
771
627
772
*`instance` - (Required) The Microsoft 365 cloud instance to query. Valid values: `worldwide`, `usgov-dod`, `usgov-gcchigh`, `china`.
628
773
629
-
*`service_areas` - (Optional) Filter endpoints by service area. Valid values: `Exchange`, `SharePoint`, `Skype`, `Common`. If omitted, returns all service areas.
774
+
*`service_areas` - (Optional) Filter endpoints by service area. Valid values: `MEM`, `Exchange`, `SharePoint`, `Skype`, `Common`. If omitted, returns all service areas.
630
775
631
776
*`categories` - (Optional) Filter endpoints by network optimization category. Valid values: `Optimize`, `Allow`, `Default`. If omitted, returns all categories.
632
777
@@ -642,7 +787,7 @@ output "network_summary" {
642
787
643
788
*`endpoints` - List of endpoint objects. Each endpoint contains:
644
789
-`id` - Unique identifier for this endpoint set (from Microsoft's service)
645
-
-`service_area` - Service area code: `Exchange`, `SharePoint`, `Skype`, or `Common`
790
+
-`service_area` - Service area code: `MEM`, `Exchange`, `SharePoint`, `Skype`, or `Common`
646
791
-`service_area_display_name` - Human-readable service area name
647
792
-`urls` - List of URL patterns/FQDNs (may include wildcards like `*.office.com`)
648
793
-`ips` - List of IP address ranges in CIDR notation (e.g., `40.96.0.0/13`)
@@ -683,6 +828,7 @@ If omitted, returns endpoints for all categories. See [Microsoft 365 Network Con
683
828
-`express_route` (Boolean) If `true`, only returns endpoints that support Azure ExpressRoute for Microsoft 365. Useful for organizations using ExpressRoute for optimized connectivity. Defaults to `false` (returns all endpoints regardless of ExpressRoute support).
684
829
-`required_only` (Boolean) If `true`, only returns endpoints marked as required by Microsoft. Optional endpoints provide enhanced functionality but are not necessary for core service operation. Defaults to `false` (returns all endpoints).
685
830
-`service_areas` (Set of String) Filter endpoints by service area. Valid values:
831
+
-`MEM` - Microsoft Endpoint Manager (Intune, Autopilot, Windows Updates)
686
832
-`Exchange` - Exchange Online and Exchange Online Protection
687
833
-`SharePoint` - SharePoint Online and OneDrive for Business
688
834
-`Skype` - Skype for Business Online and Microsoft Teams
@@ -715,7 +861,7 @@ Read-Only:
715
861
-`ips` (List of String) List of IP address ranges in CIDR notation (e.g., `40.96.0.0/13`). May be empty for URL-only endpoints.
716
862
-`notes` (String) Additional notes about this endpoint from Microsoft, such as third-party services or optional features.
717
863
-`required` (Boolean) Whether this endpoint is required for core Microsoft 365 functionality.
718
-
-`service_area` (String) The service area: `Exchange`, `SharePoint`, `Skype`, or `Common`.
864
+
-`service_area` (String) The service area: `MEM`, `Exchange`, `SharePoint`, `Skype`, or `Common`.
719
865
-`service_area_display_name` (String) Human-readable display name for the service area.
720
866
-`tcp_ports` (String) TCP ports used by this endpoint (comma-separated, e.g., `80,443` or ranges like `1024-65535`).
721
867
-`udp_ports` (String) UDP ports used by this endpoint (comma-separated, e.g., `3478-3481`).
MarkdownDescription: "Retrieves Microsoft 365 network endpoints from the official Microsoft 365 IP Address and URL Web Service. "+
51
-
"This datasource queries `https://endpoints.office.com` to get current IP addresses, URLs, and ports for Microsoft 365 services. "+
51
+
"This datasource queries `https://endpoints.office.com` with all service areas (MEM, Exchange, Skype, SharePoint, Common) "+
52
+
"to get current IP addresses, URLs, and ports for Microsoft 365 services including Intune/Endpoint Manager. "+
52
53
"Useful for configuring firewalls, proxy servers, SD-WAN devices, and PAC files. "+
53
54
"Data is filtered by cloud instance (Worldwide, US Government, China) and can be narrowed by service area and category.\n\n"+
54
55
"See [Managing Microsoft 365 endpoints](https://learn.microsoft.com/en-us/microsoft-365/enterprise/managing-office-365-endpoints) for configuration guidance.",
0 commit comments