Preparing to implement split-tunneling-routing-negate. Any thoughts?
We are preparing to implement Split Tunneling for our SSL-VPN users, specifically to include split-tunneling-routing-negate to hopefully exclude Microsoft 365 services from traversing the SSL-VPN tunnel and instead go out the local internet connection.
We have two (2) FortiGate 101Fs in an HA configuration. Current firmware is 6.2.4.
FortiClient version is 6.4.0.1464.
We will be upgrading our firmware from 6.2.4 to 6.4.3, then from 6.4.3 to 6.4.4, in the next 7-10 days, as 6.2.4 does not have the split-tunneling-routing-negate option. Following the firmware upgrade, we want to implement the split tunnel with routing negate and have found only this Fortinet article documenting basic use, which unfortunately does not include a very detailed example.
We plan to implement the following commands:
config vpn ssl web portal
    edit SSLVPN-AllUsers
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-negate enable
        set split-tunneling-routing-address <name1>, <name2>, ...

I am not sure what to put here. I have run the PowerShell script from Microsoft to get the current list of all domains / IP addresses. Should the set split-tunneling-routing-address command look like this:
set split-tunneling-routing-address 104.146.128.0/17,104.42.230.91/32,104.47.0.0/17,13.107.128.0/22
Any help or comments or previous experience trying to implement this would be greatly appreciated.
I originally planned on contacting support for verification, but I thought I would reach out in the Forums first.
Thanks for any assistance in advance.
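As an added illustration (not part of the original post, and not Fortinet's or Microsoft's code), the script below takes a constructed sample in the shape of the Microsoft 365 endpoint web service JSON, keeps only the required "Optimize" IPv4 prefixes, and emits FortiOS CLI in which split-tunneling-routing-address refers to a firewall address group rather than to raw CIDRs. The portal name SSLVPN-AllUsers comes from the post; the object and group names (M365-...) are assumptions chosen for the example.

```python
import ipaddress
import json

# Constructed sample shaped like the Microsoft 365 endpoint web service output
# (endpoints.office.com); the real feed has many more entries and changes over time.
SAMPLE_ENDPOINTS_JSON = """
[
  {"id": 1, "serviceArea": "Exchange", "category": "Optimize", "required": true,
   "ips": ["13.107.6.152/31", "13.107.18.10/31", "2603:1006::/40"], "tcpPorts": "443"},
  {"id": 2, "serviceArea": "Exchange", "category": "Allow", "required": true,
   "ips": ["40.96.0.0/13"], "tcpPorts": "443"},
  {"id": 3, "serviceArea": "SharePoint", "category": "Optimize", "required": true,
   "ips": ["13.107.136.0/22", "40.108.128.0/17"], "tcpPorts": "443"}
]
"""

def optimize_prefixes(endpoints_json: str) -> list:
    """Return sorted IPv4 prefixes from required 'Optimize' entries only.
    Optimize is the smallest set Microsoft recommends for split tunneling;
    IPv6 prefixes are skipped because they belong in 'firewall address6'."""
    prefixes = set()
    for entry in json.loads(endpoints_json):
        if entry.get("category") != "Optimize" or not entry.get("required"):
            continue
        for ip in entry.get("ips", []):
            net = ipaddress.ip_network(ip, strict=True)  # reject prefixes with host bits set
            if net.version == 4:
                prefixes.add(net)
    return sorted(prefixes)

def fortios_config(prefixes, portal="SSLVPN-AllUsers", group="M365-Optimize") -> str:
    """Emit FortiOS CLI: one address object per prefix, an address group holding them,
    and the portal with routing-negate excluding that group from the tunnel."""
    names = [f"M365-{str(net).replace('/', '_')}" for net in prefixes]  # assumed naming
    lines = ["config firewall address"]
    for name, net in zip(names, prefixes):
        lines += [f'    edit "{name}"', f"        set subnet {net}", "    next"]
    lines += ["end", "config firewall addrgroup", f'    edit "{group}"',
              "        set member " + " ".join(f'"{n}"' for n in names),
              "    next", "end", "config vpn ssl web portal", f'    edit "{portal}"',
              "        set tunnel-mode enable", "        set split-tunneling enable",
              "        set split-tunneling-routing-negate enable",
              f'        set split-tunneling-routing-address "{group}"',
              "    next", "end"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(fortios_config(optimize_prefixes(SAMPLE_ENDPOINTS_JSON)))
```

With routing-negate enabled, only the listed addresses bypass the tunnel and everything else is still tunnelled, so regenerate the objects whenever Microsoft's published list changes.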
