update for new service tags

Author: vhorne

articles/firewall/fqdn-tags.md

@@ -33,6 +33,8 @@ The following table shows the current FQDN tags you can use. Microsoft maintains
 |AzureHDInsight|Allows outbound access for HDInsight platform traffic. This tag doesn’t cover customer-specific Storage or SQL traffic from HDInsight. Enable these using [Service Endpoints](../virtual-network/tutorial-restrict-network-access-to-resources.md) or add them manually.|
 |WindowsVirtualDesktop|Allows outbound Azure Virtual Desktop (formerly Windows Virtual Desktop) platform traffic. This tag doesn’t cover deployment-specific Storage and Service Bus endpoints created by Azure Virtual Desktop. Additionally, DNS and KMS network rules are required. For more information about integrating Azure Firewall with Azure Virtual Desktop, see [Use Azure Firewall to protect Azure Virtual Desktop deployments](protect-azure-virtual-desktop.md).|
 |AzureKubernetesService (AKS)|Allows outbound access to AKS. For more information, see [Use Azure Firewall to protect Azure Kubernetes Service (AKS) Deployments](protect-azure-kubernetes-service.md).|
+|Office365<br><br>For example: Office365.Skype.Optimize|Several Office 365 tags are available to allow outbound access by Office 365 product and category. For more information, see [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges).|
+|Windows365|Allows outbound communication to Windows 365, excluding network endpoints for Microsoft Intune. To allow outbound communication to port 5671, create a separated network rule. For more information, see Windows 365 [Network requirements](/windows-365/enterprise/requirements-network).|
 
 > [!NOTE]
 > When selecting FQDN Tag in an application rule, the protocol:port field must be set to **https**.

articles/firewall/service-tags.md

@@ -18,7 +18,10 @@ Azure Firewall service tags can be used in the network rules destination field.
 
 ## Supported service tags
 
-See [Virtual network service tags](../virtual-network/service-tags-overview.md#available-service-tags) for a list of service tags that are available for use in Azure firewall network rules.
+Azure Firewall supports the following Service Tags to use in Azure Firewall Network rules:
+
+- Tags for various Microsoft and Azure services listed in [Virtual network service tags](../virtual-network/service-tags-overview.md#available-service-tags).
+- Tags for the required IP addresses of Office365 services, split by Office365 product and category. You must define the TCP/UDP ports specified in the [Office 365 documentation](/microsoft-365/enterprise/urls-and-ip-address-ranges) inside your rules. 
 
 ## Configuration