microsoft 365 IPs (#24812)

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx

@@ -285,6 +285,12 @@ Configures the WARP client to exclude or include traffic to specific IP addresse
 
 Creates [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) Exclude entries for all [Microsoft 365 IP addresses specified by Microsoft](https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service). To use this setting, **Split Tunnels** must be set to **Exclude IPs and domains**. Once enabled, all Microsoft 365 network traffic will bypass WARP and Gateway.
 
+:::note
+Microsoft has recently made changes to the IPs used by their applications (such as Microsoft Teams). Until Microsoft updates their [IP address and URL web service](https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-worldwide), you will need to manually add the following IPs to your [Split Tunnels Exclude list](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route):
+- `24.24.24.24/32`
+- `52.120.0.0/14`
+:::
+
 ### Allow users to enable local network exclusion
 
 <Details header="Feature availability">

src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx

@@ -18,6 +18,12 @@ The WARP client does not run on Windows Server. Refer to the [downloads page](/c
 
 [Managed network detection](/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks/) will not work when the TLS certificate is served from IIS 8.5 on Windows Server 2012 R2. To work around the limitation, move the certificate to a different host.
 
+## Split Tunnels for Microsoft 365 traffic
+
+Microsoft has recently made changes to the IP addresses used by Microsoft 365 applications (such as Microsoft Teams). Customers using the [Directly route Microsoft 365 traffic](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#directly-route-microsoft-365-traffic) feature will need to manually add the following IPs to their [Split Tunnels Exclude list](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route):
+- `24.24.24.24/32`
+- `52.120.0.0/14`
+
 ## nslookup on Windows in DoH mode
 
 On Windows devices in [Gateway with DoH mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh), `nslookup` by default sends DNS requests to the [WARP local DNS proxy](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#dns-traffic) over IPv6. However, because WARP uses an IPv4-mapped IPv6 address (instead of a real IPv6 address), `nslookup` will not recognize this address type and the query will fail: