About endpoint of AAD on ER environment

Question

I would like to know about the access route to AAD on ExpressRoute.

What's new in Azure Active Directory?
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/whats-new#expressroute-support-changes
May 2018
ExpressRoute support changes

I would like to know that what kind of the endpoints of AAD will be stopped supporting on "Azure public peering".
Are all the endpoints in the following articles via the Internet?

Office 365 URLs and IP address ranges
https://support.office.com/en-us/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US
[Authentication and identity FQDNs]

Incidentally, I understand that the endpoints of " ExpressRoute for Office 365 BGP Communities = yes" will be supported continously after 1st Aug.

Thanks in advance !

Answer 1

As per the update, you will see the Azure AD traffic gradually shifting from ExpressRoute to the Internet. So you should not be seeing any issue, but if there is any change is there you will notified further.

For customers using O365 services and you might need to use ER for authentication traffic you may have to move to MS Peering. Below is the direction:

• If you're on Azure public peering. Move to Microsoft peering and sign up for the Other Office 365 Online services (12076:5100) community. For more info about how to move from Azure public peering to Microsoft peering, see the Move a public peering to Microsoft peering article.
• If you're on Microsoft peering. Sign up for the Other Office 365 Online service (12076:5100) community. For more info about routing requirements, see the Support for BGP communities section of the ExpressRoute routing requirements article.

If you must continue to use dedicated circuits, you'll need to talk to your Microsoft Account team about how to get authorization to use the Other Office 365 Online service (12076:5100) community. The MS Office-managed review board will verify whether you need those circuits and make sure you understand the technical implications of keeping them. Unauthorized subscriptions trying to create route filters for Office 365 will receive an error message.