I would like to consult with you, based on your experience, how can be organized access to apple services on enterprise networks where internet traffic is only allowed through the proxy. Following Apple's recommendations for enterprise networks https://support.apple.com/en-gb/HT210060 , We allow in firewall only outbound connections to 188.8.131.52/8., other external traffic go through HTTP proxy with a proxy auto-config (PAC) file. Referring to the Apple article, some of the Apple services do not support Proxy configurations, therefore we were forced to open direct access to them. Even after we allowed this outbound connections, Apple services such as AppStore, Software Update, AppleID, MDM enrolment etc. remained unavailable from our network. Analysing the captured logs from Firewall, we found that in the list of blocked traffic we have a lot of destinations to the Akamai content delivery network (CDN).
Addresses: 2a02:26f0:70::5c7a:7a90 184.108.40.206 220.127.116.11
Aliases: swcdn.apple.com swcdn.apple.com.akadns.net swcdn.g.aaplimg.com swcdn-eu-lb.apple.com.akadns.net swcdn.apple.com.edgesuite.net
or another example, when accessing the apple.com page we noticed that in the remote address is: 18.104.22.168:443 ( ASN Akamai IP)
Respectively, not having allowed traffic to Akamai, Apple services are becoming inaccessible in our network. It seems strange to us why in your recommendations, set out in the article to which we refer, Apple has no specify anything about this Akamai content delivery network (CDN)
Based on the above, what would be the solutiond to guarantee access to Apple services from enterprise network?