Bypass Microsoft (Office 365) Services rule set

The Bypass Microsoft (Office 365) Services rule set is the default rule set for letting requests and responses in traffic to and from Office 365 and other Microsoft services bypass filtering on Web Gateway.

Default rule set – Bypass Microsoft (Office 365) Services
CriteriaAlways
CyclesRequests (and IM), Responses

The rule set contains the following rules.

Shortcut Microsoft service in response
Cycle.Name equals "Response" AND User-Defined.Shortcut_Microsoft_Service equals trueStop Cycle
The rule uses the Cycle.Name property to find out whether processing on Web Gateway is currently going on in the response cycle.
It also uses a user-defined property to check whether the response that is processed in this cycle was triggered by a client requesting access to Office 365 or any of several other Microsoft services.
If such a request is received on Web Gateway, a particular rule that is processed in the request cycle sets the user-defined property to true. The current rule checks whether the property is actually set this way in the response cycle, using the second part of its criteria.
If both criteria parts match, the rule applies and the response cycle is stopped. The response is then forwarded to the requesting client without filtering.
This rule is enabled by default.
Note:

All rules that follow the first rule in the rule set work in a similar way. They ensure that a request sent by a client of Web Gateway to a particular Microsoft service is forwarded to this service unfiltered.

Each of them also sets the property that is evaluated by the first rule to true after receiving such a request.

The first of these subsequent rules is explained here as an example in full detail. A summary is then given for all other rules.

Bypass Exchange Online
URL.Destination.IP is in range list Exchange Online IP Addresses OR URL.Destination.IP is in range list Exchange Online Protection P Addresses OR URL.Host matches in list Exchange Online URLsStop CycleSet User-Defined.Shortcut_Microsoft_Service = true
The rule uses the URL.Destination.IP and URL.Host properties to find out whether the IP address and URL that are sent with a request are on particular lists.
If they are, the request cycle is stopped and the request is forwarded to the requested destination, which is the Microsoft Exchange Online service.
The User-Defined.Shortcut_Microsoft_Service property is then set to true by an event. The property is evaluated in the response cycle by the first rule in the rule set.
This rule is not enabled by default.
Bypass Microsoft Federation Gateway, Bypass Microsoft Lync/Skype for Business Online, and other rules for Microsoft services bypassing
Similar to the Bypass Exchange Online rule, these rules use the URL.Destination.IP property or the URL.Host property or both (in one case also the URL property) to find out whether the IP addresses or URLs that are sent with requests are on particular lists. The lists vary with each rule depending on the respective service.
If the IP addresses or URLs are found on the lists, the request cycle is stopped and the request is forwarded to the requested destination, which is one of the Microsoft services.
The User-Defined.Shortcut_Microsoft_Service property is then set to true by an event. The property is evaluated in the response cycle by the first rule in the rule set.
None of these rules is enabled by default.