diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx index b5c6b0852b0b9d..b00244195695df 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/index.mdx @@ -285,6 +285,12 @@ Configures the WARP client to exclude or include traffic to specific IP addresse Creates [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) Exclude entries for all [Microsoft 365 IP addresses specified by Microsoft](https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service). To use this setting, **Split Tunnels** must be set to **Exclude IPs and domains**. Once enabled, all Microsoft 365 network traffic will bypass WARP and Gateway. +:::note +Microsoft has recently made changes to the IPs used by their applications (such as Microsoft Teams). Until Microsoft updates their [IP address and URL web service](https://learn.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-worldwide), you will need to manually add the following IPs to your [Split Tunnels Exclude list](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route): +- `24.24.24.24/32` +- `52.120.0.0/14` +::: + ### Allow users to enable local network exclusion
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx index 4085d090239b4c..51b8d8c5b75f88 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx @@ -18,6 +18,12 @@ The WARP client does not run on Windows Server. Refer to the [downloads page](/c [Managed network detection](/cloudflare-one/connections/connect-devices/warp/configure-warp/managed-networks/) will not work when the TLS certificate is served from IIS 8.5 on Windows Server 2012 R2. To work around the limitation, move the certificate to a different host. +## Split Tunnels for Microsoft 365 traffic + +Microsoft has recently made changes to the IP addresses used by Microsoft 365 applications (such as Microsoft Teams). Customers using the [Directly route Microsoft 365 traffic](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#directly-route-microsoft-365-traffic) feature will need to manually add the following IPs to their [Split Tunnels Exclude list](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route): +- `24.24.24.24/32` +- `52.120.0.0/14` + ## nslookup on Windows in DoH mode On Windows devices in [Gateway with DoH mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh), `nslookup` by default sends DNS requests to the [WARP local DNS proxy](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#dns-traffic) over IPv6. However, because WARP uses an IPv4-mapped IPv6 address (instead of a real IPv6 address), `nslookup` will not recognize this address type and the query will fail: