Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
Different Microsoft O365 Services would require different URLs, FQDNs, IPs and Ports to be whitelisted.
For a complete list of the configurations, refer to: Office 365 URLs and IP address ranges.
Some of the above can be achieved using Service tags in Azure Firewall, as described in Use Azure Firewall to protect Office 365.
If a specific combination of product, category and required/not required has only FQDNs required, but uses TCP ports that aren't 80/443, an FQDN tag isn't created for this combination. Application Rules can only cover HTTP, HTTPS or MSSQL.
Wrt SharePoint,
- For SharePoint, please use the tags with Office365.SharePoint in Application Rules and Network Rules.
- Please note that these tags are new and the Service Tags document is yet to be updated.
- See: https://github.com/MicrosoftDocs/azure-docs/issues/117488
With respect to AAD authentication,
- You can use "AzureActiveDirectory" and "AzureActiveDirectoryDomainServices".
- Or you can use the FQDN: login.microsoftonline.com
Cheers,
Kapil
Please Accept an answer if correct.
Original posters help the community find answers faster by identifying the correct answer.
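The port restriction described in the answer above can be checked against an endpoint list before writing firewall rules. The following is an added example, not part of the original answer and not Microsoft code. It assumes records shaped like the Office 365 endpoints JSON (`serviceArea`, `category`, `required`, `urls`, `ips`, `tcpPorts`); the sample hostnames, ranges and ports are constructed placeholders, and the verdict labels are hypothetical names.

```python
from collections import defaultdict

WEB_PORTS = {80, 443}  # ports the answer says FQDN tags are limited to

# Constructed sample records (placeholders, not the real endpoint list).
SAMPLE = [
    {"serviceArea": "SharePoint", "category": "Optimize", "required": True,
     "urls": ["tenant.sharepoint.example"], "ips": ["192.0.2.0/24"],
     "tcpPorts": "80,443"},
    {"serviceArea": "Common", "category": "Allow", "required": True,
     "urls": ["login.example"], "tcpPorts": "80,443"},
    {"serviceArea": "Exchange", "category": "Allow", "required": True,
     "urls": ["mail.example"], "tcpPorts": "587"},
    {"serviceArea": "Exchange", "category": "Allow", "required": True,
     "urls": ["web.example"], "tcpPorts": "443"},
]

def parse_ports(value):
    """Turn a comma-separated port string such as '80,443' into a set of ints."""
    return {int(p) for p in (value or "").split(",") if p.strip()}

def classify(endpoints):
    """Group by (product, category, required) and flag FQDN-only groups
    that use TCP ports other than 80/443 (no FQDN tag for those)."""
    groups = defaultdict(lambda: {"ips": set(), "ports": set()})
    for e in endpoints:
        g = groups[(e["serviceArea"], e["category"], e["required"])]
        g["ips"].update(e.get("ips", []))
        g["ports"].update(parse_ports(e.get("tcpPorts")))
    result = {}
    for key, g in groups.items():
        extra = sorted(g["ports"] - WEB_PORTS)
        if g["ips"]:
            verdict = "has-ip-ranges"            # IP ranges are published
        elif extra:
            verdict = "fqdn-only-non-web-ports"  # no FQDN tag for this group
        else:
            verdict = "fqdn-only-web-ports"      # HTTP/HTTPS application rule
        result[key] = (verdict, extra)
    return result

if __name__ == "__main__":
    for key, (verdict, extra) in sorted(classify(SAMPLE).items()):
        print(key, verdict, extra)
```

Groups reported as `fqdn-only-non-web-ports` are the ones to review by hand, since the answer states that no FQDN tag is created for them.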