Add Office365 GCC High Regions

README.md

@@ -2,14 +2,12 @@
 
 ## A Whitelist for PiHole and Microsoft Office 365
 
-This is a script that will add exact and regex whitelist entries for use with Microsoft 365.  It will also add some blacklist entries.  I've been testing this whitelist for the past six months working from home using and adminstering O365 with PiHole as my DNS.  I have a comprehensive set of block lists and some regex entries, so I've added some additonal entries that I've found may be required if you're in that situation.  Also, there is a lot of telemery in Microsoft 365, so blacklist entries are added as well.
+This is a fork of https://github.com/TheSmashy/O365Whitlist
 
 DNS entries were sourced from Microsoft https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
-Not every entry was added as some are not required and some could be considered malicous.
 
-Most of this project is based off the work of Anudeep, visit his page and give him money: https://github.com/anudeepND/whitelist
+https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/includes/office-365-u.s.-government-gcc-high-endpoints.md
 
-This has been tested on version 5 of PiHole, it really relies on the database to make regex entries.  There is a text whitelist, but I have no idea if it'll work.  I haven't tested this with docker, so I'll do that later and add support and directions.
 
 ## Installation
 You should have python3 installed.  If you don't, go get it.  
@@ -23,5 +21,4 @@ You should have python3 installed.  If you don't, go get it.
 
     sudo python3 O365Whitlist/scripts/uninstall.py  
 
-**Note**  
-You should backup your gravity database before manipulating it with a script.  If you want to manually add these domains to your whitelists, there are two files you can use in the **Manual** folder; ExactDomains.txt - Exact domain matches and RegexDomains.txt - Regex domain, paste them into domain field under Whitelist management and check the box for "Add domain as wildcard".  If you want to use the script, backup your gravity database via ```sudo cp /etc/pihole/gravity.db /etc/pihole/gravity.bak``` and then procede with the installation.  See [here](https://github.com/pi-hole/pi-hole/issues/3860) for an issue related to scripts corrupting the gravity database.
+

domains/whitelist.txt

@@ -93,3 +93,39 @@ portal.office.com
 www.office.com
 suite.office.net
 mlccdn.blob.core.windows.net
+*.office365.us
+outlook.office365.us
+attachments.office365-net.us
+*.office365-net.us
+*.onmicrosoft.com
+*.onmicrosoft.us
+*.sharepoint.us
+*.onedrive.us
+msteamsstatics.blob.core.usgovcloudapi.net
+statics.teams.microsoft.com
+teamsapuiwebcontent.blob.core.usgovcloudapi.net
+*.gov.skypeforbusiness.us
+*.gov.teams.microsoft.us
+*.cdn.office365.us
+*.auth.microsoft.us
+*.gov.us.microsoftonline.com
+graph.microsoft.us
+graph.microsoftazure.us
+login.microsoftonline.us
+*.msauth.net
+*.msauthimages.us
+*.msftauth.net
+*.msftauthimages.us
+clientconfig.microsoftonline-p.net
+graph.windows.net
+login.microsoftonline.com
+login.microsoftonline-p.com
+login.windows.net
+loginex.microsoftonline.com
+login-us.microsoftonline.com
+mscrl.microsoft.com
+nexus.microsoftonline-p.com
+secure.aadcdn.microsoftonline-p.com
+officehome.msocdn.us
+prod.msocdn.us
+gcc-high.activity.windows.us

scripts/domains.sql

@@ -106,4 +106,13 @@
 (1, 'watson.telemetry.microsoft.com', 1, 'Microsoft O365 Telemetry - h5pYKA')
 (1, 'data.flurry.com', 1, 'Microsoft O365 Telemetry - h5pYKA')
 (1, 'app.adjust.com', 1, 'Microsoft O365 Telemetry - h5pYKA')
-(1, 'activity.windows.com', 1, 'Microsoft O365 Telemetry - h5pYKA')
+(1, 'activity.windows.com', 1, 'Microsoft O365 Telemetry - h5pYKA')
+(0, '(\.|^)office365\.us$', 1, 'Microsoft O365 GCC High - Allow Required - h5pYKA')
+(0, '(\.|^)office365-net\.us$', 1, 'Microsoft O365 GCC High - Allow Required - h5pYKA')
+(0, '(\.|^)onmicrosoft\.us$', 1, 'Microsoft O365 GCC High - Allow Required - h5pYKA')
+(0, '(\.|^)onedrive\.us$', 1, 'Microsoft O365 GCC High - Allow Required - h5pYKA')
+(0, '(\.|^)core.usgovcloudapi\.net$', 1, 'Microsoft O365 GCC High - Allow Required - h5pYKA')
+(0, '(\.|^)core.skypeforbusiness\.us$', 1, 'Microsoft O365 GCC High - Allow Required - h5pYKA')
+(0, '(\.|^)microsoft\.us$', 1, 'Microsoft O365 GCC High - Allow Required - h5pYKA')
+(0, '(\.|^)microsoftazure\.us$', 1, 'Microsoft O365 GCC High - Allow Required - h5pYKA')
+(0, '(\.|^)microsoftonline\.us$', 1, 'Microsoft O365 GCC High - Allow Required - h5pYKA')