Office 365 URLs / IP Address Ranges and Ports

 

Exchange Online

ID	Category	ER	Addresses	Ports
1	Optimize Required	Yes	outlook.office.com, outlook.office365.com 13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128, 2a01:111:f400::/48	TCP: 443, 80
2	Allow Required	Yes	smtp.office365.com 13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128, 2a01:111:f400::/48	TCP: 587
3	Default Required	No	r1.res.office365.com, r3.res.office365.com, r4.res.office365.com	TCP: 443, 80
5	Allow Optional Notes: Exchange Online IMAP4 migration	Yes	*.outlook.office.com, outlook.office365.com 13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128, 2a01:111:f400::/48	TCP: 143, 993
6	Allow Optional Notes: Exchange Online POP3 migration	Yes	*.outlook.office.com, outlook.office365.com 13.107.6.152/31, 13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13, 40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16, 150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36, 2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36, 2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128, 2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128, 2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128, 2620:1ec:a92::153/128, 2a01:111:f400::/48	TCP: 995
8	Default Required	No	*.outlook.com, attachments.office.net	TCP: 443, 80
9	Allow Required	Yes	*.protection.outlook.com 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48	TCP: 443
10	Allow Required	Yes	*.mail.protection.outlook.com 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48	TCP: 25
154	Default Required	No	autodiscover.<tenant>.onmicrosoft.com	TCP: 443, 80

SharePoint Online and OneDrive for Business

ID	Category	ER	Addresses	Ports
31	Optimize Required	Yes	<tenant>.sharepoint.com, <tenant>-my.sharepoint.com 13.107.136.0/22, 40.108.128.0/17, 52.104.0.0/14, 104.146.128.0/17, 150.171.40.0/22, 2603:1061:1300::/40, 2620:1ec:8f8::/46, 2620:1ec:908::/46, 2a01:111:f402::/48	TCP: 443, 80
32	Default Optional Notes: OneDrive for Business: supportability, telemetry, APIs, and embedded email links	No	ssw.live.com, storage.live.com	TCP: 443
33	Default Optional Notes: SharePoint Hybrid Search - Endpoint to SearchContentService where the hybrid crawler feeds documents	No	*.search.production.apac.trafficmanager.net, *.search.production.emea.trafficmanager.net, *.search.production.us.trafficmanager.net	TCP: 443
35	Default Required	No	*.wns.windows.com, admin.onedrive.com, officeclient.microsoft.com	TCP: 443, 80
36	Default Required	No	g.live.com, oneclient.sfx.ms	TCP: 443, 80
37	Default Required	No	*.sharepointonline.com, spoprod-a.akamaihd.net	TCP: 443, 80
39	Default Required	No	*.gr.global.aa-rt.sharepoint.com, *.svc.ms, <tenant>-admin.sharepoint.com, <tenant>-files.sharepoint.com, <tenant>-myfiles.sharepoint.com	TCP: 443, 80

Skype for Business Online and Microsoft Teams

ID	Category	ER	Addresses	Ports
11	Optimize Required	Yes	13.107.64.0/18, 52.112.0.0/14, 52.120.0.0/14, 2603:1063::/38	UDP: 3478, 3479, 3480, 3481
12	Allow Required	Yes	*.lync.com, *.teams.microsoft.com, teams.microsoft.com 13.107.64.0/18, 52.112.0.0/14, 52.120.0.0/14, 52.238.119.141/32, 52.244.160.207/32, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2603:1063::/38, 2620:1ec:6::/48, 2620:1ec:40::/42	TCP: 443, 80
13	Allow Required	Yes	*.broadcast.skype.com, broadcast.skype.com 13.107.64.0/18, 52.112.0.0/14, 52.120.0.0/14, 52.238.119.141/32, 52.244.160.207/32, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2603:1063::/38, 2620:1ec:6::/48, 2620:1ec:40::/42	TCP: 443
15	Default Required	No	*.sfbassets.com	TCP: 443, 80
16	Default Required	No	*.keydelivery.mediaservices.windows.net, *.streaming.mediaservices.windows.net, mlccdn.blob.core.windows.net	TCP: 443
17	Default Required	No	aka.ms	TCP: 443
18	Default Optional Notes: Federation with Skype and public IM connectivity: Contact picture retrieval	No	*.users.storage.live.com	TCP: 443
19	Default Optional Notes: Applies only to those who deploy the Conference Room Systems	No	*.adl.windows.com	TCP: 443, 80
22	Allow Optional Notes: Teams: Messaging interop with Skype for Business	Yes	*.skypeforbusiness.com 13.107.64.0/18, 52.112.0.0/14, 52.120.0.0/14, 52.238.119.141/32, 52.244.160.207/32, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2603:1063::/38, 2620:1ec:6::/48, 2620:1ec:40::/42	TCP: 443
26	Default Required	No	*.msedge.net, compass-ssl.microsoft.com	TCP: 443
27	Default Required	No	*.mstea.ms, *.secure.skypeassets.com, mlccdnprod.azureedge.net	TCP: 443
127	Default Required	No	*.skype.com	TCP: 443, 80

Microsoft 365 Common and Office Online

ID	Category	ER	Addresses	Ports
41	Default Optional Notes: Microsoft Stream	No	*.microsoftstream.com	TCP: 443
43	Default Optional Notes: Microsoft Stream 3rd party integration (including CDNs)	No	nps.onyx.azure.net	TCP: 443
44	Default Optional Notes: Microsoft Stream - unauthenticated	No	*.azureedge.net, *.media.azure.net, *.streaming.mediaservices.windows.net	TCP: 443
45	Default Optional Notes: Microsoft Stream	No	*.keydelivery.mediaservices.windows.net	TCP: 443
46	Allow Required	Yes	*.officeapps.live.com, *.online.office.com, office.live.com 13.107.6.171/32, 13.107.18.15/32, 13.107.140.6/32, 52.108.0.0/14, 52.238.106.116/32, 52.244.37.168/32, 52.244.203.72/32, 52.244.207.172/32, 52.244.223.198/32, 52.247.150.191/32, 2603:1010:2::cb/128, 2603:1010:200::c7/128, 2603:1020:200::682f:a0fd/128, 2603:1020:201:9::c6/128, 2603:1020:600::a1/128, 2603:1020:700::a2/128, 2603:1020:800:2::6/128, 2603:1020:900::8/128, 2603:1030:7::749/128, 2603:1030:800:5::bfee:ad3c/128, 2603:1030:f00::17/128, 2603:1030:1000::21a/128, 2603:1040:200::4f3/128, 2603:1040:401::762/128, 2603:1040:601::60f/128, 2603:1040:a01::1e/128, 2603:1040:c01::28/128, 2603:1040:e00:1::2f/128, 2603:1040:f00::1f/128, 2603:1050:1::cd/128, 2620:1ec:c::15/128, 2620:1ec:8fc::6/128, 2620:1ec:a92::171/128, 2a01:111:f100:2000::a83e:3019/128, 2a01:111:f100:2002::8975:2d79/128, 2a01:111:f100:2002::8975:2da8/128, 2a01:111:f100:7000::6fdd:6cd5/128, 2a01:111:f100:a004::bfeb:88cf/128	TCP: 443, 80
47	Default Required	No	*.cdn.office.net, contentstorage.osi.office.net	TCP: 443
49	Default Required	No	*.onenote.com	TCP: 443
50	Default Optional Notes: OneNote notebooks (wildcards)	No	*.microsoft.com, *.office.net	TCP: 443
51	Default Required	No	*cdn.onenote.net	TCP: 443
53	Default Required	No	ajax.aspnetcdn.com, apis.live.net, officeapps.live.com, www.onedrive.com	TCP: 443
56	Allow Required	Yes	*.auth.microsoft.com, *.msftidentity.com, *.msidentity.com, account.activedirectory.windowsazure.com, accounts.accesscontrol.windows.net, adminwebservice.microsoftonline.com, api.passwordreset.microsoftonline.com, autologon.microsoftazuread-sso.com, becws.microsoftonline.com, ccs.login.microsoftonline.com, clientconfig.microsoftonline-p.net, companymanager.microsoftonline.com, device.login.microsoftonline.com, graph.microsoft.com, graph.windows.net, login.microsoft.com, login.microsoftonline.com, login.microsoftonline-p.com, login.windows.net, logincert.microsoftonline.com, loginex.microsoftonline.com, login-us.microsoftonline.com, nexus.microsoftonline-p.com, passwordreset.microsoftonline.com, provisioningapi.microsoftonline.com 20.190.128.0/18, 40.126.0.0/18, 2603:1006:2000::/48, 2603:1007:200::/48, 2603:1016:1400::/48, 2603:1017::/48, 2603:1026:3000::/48, 2603:1027:1::/48, 2603:1036:3000::/48, 2603:1037:1::/48, 2603:1046:2000::/48, 2603:1047:1::/48, 2603:1056:2000::/48, 2603:1057:2::/48	TCP: 443, 80
59	Default Required	No	*.hip.live.com, *.microsoftonline.com, *.microsoftonline-p.com, *.msauth.net, *.msauthimages.net, *.msecnd.net, *.msftauth.net, *.msftauthimages.net, *.phonefactor.net, enterpriseregistration.windows.net, management.azure.com, policykeyservice.dc.ad.msft.net	TCP: 443, 80
64	Allow Required	Yes	*.compliance.microsoft.com, *.protection.office.com, *.security.microsoft.com, compliance.microsoft.com, defender.microsoft.com, protection.office.com, security.microsoft.com 52.108.0.0/14, 2603:1006:1400::/40, 2603:1016:2400::/40, 2603:1026:2400::/40, 2603:1036:2400::/40, 2603:1046:1400::/40, 2603:1056:1400::/40, 2a01:111:200a:a::/64, 2a01:111:2035:8::/64, 2a01:111:f406:1::/64, 2a01:111:f406:c00::/64, 2a01:111:f406:1004::/64, 2a01:111:f406:1805::/64, 2a01:111:f406:3404::/64, 2a01:111:f406:8000::/64, 2a01:111:f406:8801::/64, 2a01:111:f406:a003::/64	TCP: 443
65	Allow Required	Yes	account.office.net 52.108.0.0/14, 2603:1006:1400::/40, 2603:1016:2400::/40, 2603:1026:2400::/40, 2603:1036:2400::/40, 2603:1046:1400::/40, 2603:1056:1400::/40, 2a01:111:200a:a::/64, 2a01:111:2035:8::/64, 2a01:111:f406:1::/64, 2a01:111:f406:c00::/64, 2a01:111:f406:1004::/64, 2a01:111:f406:1805::/64, 2a01:111:f406:3404::/64, 2a01:111:f406:8000::/64, 2a01:111:f406:8801::/64, 2a01:111:f406:a003::/64	TCP: 443, 80
66	Default Required	No	*.portal.cloudappsecurity.com, suite.office.net	TCP: 443
67	Default Optional Notes: Security and Compliance Center eDiscovery export	No	*.blob.core.windows.net	TCP: 443
68	Default Optional Notes: Portal and shared: 3rd party office integration. (including CDNs)	No	firstpartyapps.oaspapps.com, prod.firstpartyapps.oaspapps.com.akadns.net, telemetryservice.firstpartyapps.oaspapps.com, wus-firstpartyapps.oaspapps.com	TCP: 443
69	Default Required	No	*.aria.microsoft.com, *.events.data.microsoft.com	TCP: 443
70	Default Required	No	*.o365weve.com, amp.azure.net, appsforoffice.microsoft.com, assets.onestore.ms, auth.gfx.ms, c1.microsoft.com, dgps.support.microsoft.com, docs.microsoft.com, msdn.microsoft.com, platform.linkedin.com, prod.msocdn.com, shellprod.msocdn.com, support.content.office.net, support.microsoft.com, technet.microsoft.com, videocontent.osi.office.net, videoplayercdn.osi.office.net	TCP: 443
71	Default Required	No	*.office365.com	TCP: 443
72	Default Optional Notes: Azure Rights Management (RMS) with Office 2010 clients	No	*.cloudapp.net	TCP: 443
73	Default Required	No	*.aadrm.com, *.azurerms.com, *.informationprotection.azure.com, ecn.dev.virtualearth.net, informationprotection.hosting.portal.azure.net	TCP: 443
75	Default Optional Notes: Graph.windows.net, Office 365 Management Pack for Operations Manager, SecureScore, Azure AD Device Registration, Forms, StaffHub, Application Insights, captcha services	No	*.sharepointonline.com, dc.services.visualstudio.com, mem.gfx.ms, staffhub.ms	TCP: 443
78	Default Optional Notes: Some Office 365 features require endpoints within these domains (including CDNs). Many specific FQDNs within these wildcards have been published recently as we work to either remove or better explain our guidance relating to these wildcards.	No	*.microsoft.com, *.msocdn.com, *.office.net, *.onmicrosoft.com	TCP: 443, 80
79	Default Required	No	o15.officeredir.microsoft.com, officepreviewredir.microsoft.com, officeredir.microsoft.com, r.office.microsoft.com	TCP: 443, 80
83	Default Required	No	activation.sls.microsoft.com	TCP: 443
84	Default Required	No	crl.microsoft.com	TCP: 443, 80
86	Default Required	No	office15client.microsoft.com, officeclient.microsoft.com	TCP: 443
88	Default Required	No	insertmedia.bing.office.net	TCP: 443, 80
89	Default Required	No	go.microsoft.com	TCP: 443, 80
91	Default Required	No	ajax.aspnetcdn.com, cdn.odc.officeapps.live.com	TCP: 443, 80
92	Default Required	No	officecdn.microsoft.com, officecdn.microsoft.com.edgesuite.net	TCP: 443, 80
93	Default Optional Notes: ProPlus: auxiliary URLs	No	*.virtualearth.net, c.bing.net, excelbingmap.firstpartyapps.oaspapps.com, ocos-office365-s2s.msedge.net, peoplegraph.firstpartyapps.oaspapps.com, tse1.mm.bing.net, wikipedia.firstpartyapps.oaspapps.com, www.bing.com	TCP: 443, 80
95	Default Optional Notes: Outlook for Android and iOS	No	*.acompli.net, *.outlookmobile.com	TCP: 443
96	Default Optional Notes: Outlook for Android and iOS: Authentication	No	login.windows-ppe.net	TCP: 443
97	Default Optional Notes: Outlook for Android and iOS: Consumer Outlook.com and OneDrive integration	No	account.live.com, login.live.com	TCP: 443
105	Default Optional Notes: Outlook for Android and iOS: Outlook Privacy	No	www.acompli.com	TCP: 443
114	Default Optional Notes: Office Mobile URLs	No	*.appex.bing.com, *.appex-rf.msn.com, c.bing.com, c.live.com, d.docs.live.net, directory.services.live.com, docs.live.net, partnerservices.getmicrosoftkey.com, signup.live.com	TCP: 443, 80
116	Default Optional Notes: Office for iPad URLs	No	account.live.com, auth.gfx.ms, login.live.com	TCP: 443, 80
117	Default Optional Notes: Yammer	No	*.yammer.com, *.yammerusercontent.com	TCP: 443
118	Default Optional Notes: Yammer CDN	No	*.assets-yammer.com	TCP: 443
121	Default Optional Notes: Planner: auxiliary URLs	No	www.outlook.com	TCP: 443, 80
122	Default Optional Notes: Sway CDNs	No	eus-www.sway-cdn.com, eus-www.sway-extensions.com, wus-www.sway-cdn.com, wus-www.sway-extensions.com	TCP: 443
124	Default Optional Notes: Sway	No	sway.com, www.sway.com	TCP: 443
125	Default Required	No	*.entrust.net, *.geotrust.com, *.omniroot.com, *.public-trust.com, *.symcb.com, *.symcd.com, *.verisign.com, *.verisign.net, apps.identrust.com, cacerts.digicert.com, cert.int-x3.letsencrypt.org, crl.globalsign.com, crl.globalsign.net, crl.identrust.com, crl3.digicert.com, crl4.digicert.com, isrg.trustid.ocsp.identrust.com, mscrl.microsoft.com, ocsp.digicert.com, ocsp.globalsign.com, ocsp.msocsp.com, ocsp2.globalsign.com, ocspx.digicert.com, secure.globalsign.com, www.digicert.com, www.microsoft.com	TCP: 443, 80
126	Default Optional Notes: Connection to the speech service is required for Office Dictation features. If connectivity is not allowed, Dictation will be disabled.	No	officespeech.platform.bing.com	TCP: 443
128	Default Required	No	*.config.office.net, *.manage.microsoft.com	TCP: 443
147	Default Required	No	*.office.com	TCP: 443, 80
148	Default Required	No	cdnprod.myanalytics.microsoft.com, myanalytics.microsoft.com, myanalytics-gcc.microsoft.com	TCP: 443, 80
149	Default Required	No	workplaceanalytics.cdn.office.net	TCP: 443, 80
152	Default Optional Notes: These endpoints enables the Office Scripts functionality in Office clients available through the Automate tab. This feature can also be disabled through the Office 365 Admin portal.	No	*.microsoftusercontent.com	TCP: 443
153	Default Required	No	*.azure-apim.net, *.flow.microsoft.com, *.powerapps.com	TCP: 443
156	Default Required	No	*.activity.windows.com, activity.windows.com	TCP: 443
157	Default Required	No	ocsp.int-x3.letsencrypt.org	TCP: 80
158	Default Required	No	*.cortana.ai	TCP: 443
159	Default Required	No	admin.microsoft.com	TCP: 443, 80
160	Default Required	No	cdn.odc.officeapps.live.com, cdn.uci.officeapps.live.com	TCP: 443, 80