Microsoft provides a wide range of online resources and services—such as APIs, content delivery networks (CDNs), and multiple authentication endpoints that enable users to sign in to its platforms and access cloud-based products and services.

To ensure that authentication processes and service consumption function correctly and without disruption, the network security infrastructure must allow communication with these specific endpoints.

In this context, it is necessary to configure and include multiple Microsoft-related URLs and domains in the Static URL Filter within a Web Filter profile. 

The URL list is:

• 'login.microsoftonline.com'
• 'login.live.com'
• '*.msauth.net'
• '*.cdn.office.net'
• '*.akamai.net'
• '*.onecdn.static.microsoft'
• 'onenote.cloud.microsoft'     <--- OneNote
• 'onenote.officeapps.live.com'   <--- OneNote
• '*.microsoft.com'
• '*.office.com'
• 'my.microsoftpersonalcontent.com'       
• 'storage.live.com'
• 'onedrive.live.com'
• '*.resources.office.net'
• '*.cloud.microsoft'
• '*.*'   <----- The last one is required to block all the others URL not listed

Disable FortiGuard Category

Note: To disable the FortiGuard Category to avoid inconsistency.

For this example, access was granted only to the OneNote product.

URL List

If it is necessary to discovery what is the right URL to another product, follow the procedure from the article on the reference to get specific website by URL

For the steps in this article, it is not required to have deep inspection, but only certificate inspection.

Related article:

Technical Tip: Specific website by URL Filter allowed, but the website was not displayed correctly