cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to configure Office 365 connector in a proxy-enabled environment or firewall

How to configure Office 365 connector in a proxy-enabled environment or firewall

Summary

This article describes how the Office 365 (deprecated) and new Microsoft 365  connectors work with proxy setting and what sites (URLs) does it need online access to.

Important: This article was written prior to the release of FlexNet Manager Suite 2018 R2, in which proxy support was added to FlexNet Manager Suite PowerShell adapters. With releases of FlexNet Manager Suite 2018 R2 and later, in order to utilize proxy support, use the "Proxy Settings" section of the "Create PowerShell Source Connection" Flexnet Beacon dialog to enter proxy server, username and password information. The information in this article regarding whitelisting URLs that are needed for our Microsoft connectors applies to all versions of FlexNet Manager Suite.

Synopsis

Office 365 (deprecated) and new Microsoft 365 connectors will use the proxy configuration for whichever user is launching the ComplianceReader.exe executable.


This effectively means that whichever service user account is set for the FlexNet Beacon Engine Service in the Services Manager, the proxy configuration for that user will be used when connecting to these connectors.
If the Service is kept as using the Local System account, then the Proxy settings need to be distributed for the whole machine through Active Directory Group Policy.

Discussion

In order for the Office 365 (deprecated) connector to be able to pull data from the Office 365 Cloud environment, the FlexNet Beacon needs access to these sites/URLs (https over TCP Port 443 and http over TCP Port 80). 

which are required by Microsoft (https over TCP Port 443 and http over TCP Port 80). Please refer this Microsoft KB article (Office 365 URLs and IP address ranges) -- https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

So on that page you can find under ID 56 the following URLs:

Below are some samples URL you will need to open the firewall. You may also need additional URL to be open per to the Microsoft KB (Office 365 URLs and IP address ranges)

  • https://outlook.office365.com (to access the Microsoft Hosted instance)
  • https://*.prod.outlook.com (to access Microsoft's Exchange Server)
  • https://login.windows.net (to get an authentication token)
  • https://*.YourLoginDomain.com (whatever is after the @ symbol for the user set on the Beacon to run this task)
  • https://*.onMicrosoft.com (If you are using a locally hosted Lync or Skype / Hybrid Office 365 environment)
  • https://*.online.lync.com (to access Skype for Business Usage)
  • http://ocsp.digicert.com & crl3.digicert.com & crl4.digicert.com & crl.microsoft.com & mscrl.microsoft.com (To access the CRL repositories needed for the Certificate Revocation Check during the SSL handshake)

In order for the new Microsoft 365 connector to be able to pull data from the Microsoft 365 Cloud environment, the FlexNet Beacon needs access to these sites/URLs which are required by Microsoft (https over TCP Port 443 and http over TCP Port 80). Please refer this Microsoft KB article (Office 365 URLs and IP address ranges) -- https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

So on that page you can find under ID 56 the following URLs:

Below are some samples URL you will need to open the firewall. You may also need additional URL to be open per to the Microsoft KB (Office 365 URLs and IP address ranges)

In order to configure the proxy configuration for the Service Account, simply launch Internet Options as that user (or login to the device with that user) from Internet Explorer's Tools Menu or from the Control Panel.
Enter the Proxy Settings needed for the Beacon to be able to go online and access Office 365.

User-added image

 

Additional Information

If the FlexNet Beacon Engine Service login is using the Local System account, which is the scenario by default, there are a couple options to overcome that:

  1. Change the FlexNet Beacon Engine Logon As setting to use your Service Account, then use the above options to set your proxy settings. The downside is that this setting would revert back to default after every Beacon upgrade.
  2. Have your Windows Admin set the correct Proxy Settings in the Group Policy and give access on the Proxy Server to allow the Machine to links above, which would work when using the Local System account.
Labels (1)
Was this article helpful? Yes No
No ratings
Comments

Hi @GregBirk ,

does this mean, that the proxy setting in the Beacon O365 setup has no effect and it must be a local beacon setting?

2019-11-26 14_35_07-VW_SAM - VMware Workstation.png

hi @dennis_reinhardt 

i too agree with you on this and we can use the Adapter in the Flexnet Beacon suite to configure the same i did integrate office 365 but not via proxy.

Regards, 

varma

Hi @dennis_reinhardt  and @winvarma.  Based on your questions, I have updated the article to include the Important note that appears in the Summary section of the article. 

Version history
Revision #:
5 of 5
Last update:
‎Jan 13, 2020 05:14 PM
Updated by: