All Micrsoft delivery optimization regex actions

was just talking about this in another thread here. We have a URL list that resolves this. We haven't had to update it in awhile but it's easy enough if we have to.

\b(?:\d{1,3}\.){3}\d{1,3}\b\/filestreamingservice\/files\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*\/filestreamingservice\/files\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*.intunewin.bin
\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*\/ctldl.windowsupdate.com\/msdownload\/update\/v3\/static\/trustedr\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/pr\/.*\/Office\/Data\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/d\/msdownload\/.*

so with this regex above for Microsoft Delivery Optimization what actions are you all allowing Browse, Download, Post, ect…??

Page 1 / 1

@ccreed,

What’s the intent of this policy and regular expression? Additionally, if you are trying to apply policy to these URLs you will want to ensure none of them are in the default bypasses as certain services such as Windows Update are usually in the default bypass list.

I found this posted on here and the issue we are seeing is Microsoft Defender Updates being blocked as uncategorized domains that are coming across as ip address. I have validated these are not being bypassed and have a support case open on this.

I’m experiencing the same issue. We have a policy that blocks Uncategorized applications and blocks activities such as Download, Upload, and Login, except for Browse. However, it keeps blocking Windows Update with paths like XXX/filestreamingservice/files/XX.

Additionally, some IP addresses with hashes are not covered by this regex, such as:
14.XX.XX.XX/<random_token>/a