Exchange Online
ID | Category | ER | Addresses | Ports |
---|---|---|---|---|
1 | Optimize Required |
Yes | outlook.office.com, outlook.office365.com 13.107.6.152/31,
13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13,
40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16,
150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36,
2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36,
2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128,
2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128,
2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128,
2620:1ec:a92::153/128, 2a01:111:f400::/48 |
TCP: 443, 80 |
2 | Allow Required |
Yes | smtp.office365.com 13.107.6.152/31,
13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13,
40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16,
150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36,
2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36,
2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128,
2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128,
2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128,
2620:1ec:a92::153/128, 2a01:111:f400::/48 |
TCP: 587 |
3 | Default Required |
No | r1.res.office365.com, r3.res.office365.com, r4.res.office365.com |
TCP: 443, 80 |
5 | Allow Optional Notes: Exchange Online IMAP4 migration |
Yes | *.outlook.office.com, outlook.office365.com 13.107.6.152/31,
13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13,
40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16,
150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36,
2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36,
2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128,
2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128,
2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128,
2620:1ec:a92::153/128, 2a01:111:f400::/48 |
TCP: 143, 993 |
6 | Allow Optional Notes: Exchange Online POP3 migration |
Yes | *.outlook.office.com, outlook.office365.com 13.107.6.152/31,
13.107.18.10/31, 13.107.128.0/22, 23.103.160.0/20, 40.96.0.0/13,
40.104.0.0/15, 52.96.0.0/14, 131.253.33.215/32, 132.245.0.0/16,
150.171.32.0/22, 204.79.197.215/32, 2603:1006::/40, 2603:1016::/36,
2603:1026::/36, 2603:1036::/36, 2603:1046::/36, 2603:1056::/36,
2620:1ec:4::152/128, 2620:1ec:4::153/128, 2620:1ec:c::10/128,
2620:1ec:c::11/128, 2620:1ec:d::10/128, 2620:1ec:d::11/128,
2620:1ec:8f0::/46, 2620:1ec:900::/46, 2620:1ec:a92::152/128,
2620:1ec:a92::153/128, 2a01:111:f400::/48 |
TCP: 995 |
8 | Default Required |
No | *.outlook.com, attachments.office.net |
TCP: 443, 80 |
9 | Allow Required |
Yes | *.protection.outlook.com 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17, 2a01:111:f403::/48 |
TCP: 443 |
10 | Allow Required |
Yes | *.mail.protection.outlook.com 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48 |
TCP: 25 |
154 | Default Required |
No | autodiscover.<tenant>.onmicrosoft.com |
TCP: 443, 80 |
SharePoint Online and OneDrive for Business
ID | Category | ER | Addresses | Ports |
---|---|---|---|---|
31 | Optimize Required |
Yes | <tenant>.sharepoint.com, <tenant>-my.sharepoint.com 13.107.136.0/22,
40.108.128.0/17, 52.104.0.0/14, 104.146.128.0/17, 150.171.40.0/22,
2603:1061:1300::/40, 2620:1ec:8f8::/46, 2620:1ec:908::/46,
2a01:111:f402::/48 |
TCP: 443, 80 |
32 | Default Optional Notes: OneDrive for Business: supportability, telemetry, APIs, and embedded email links |
No | ssw.live.com, storage.live.com |
TCP: 443 |
33 | Default Optional Notes: SharePoint Hybrid Search - Endpoint to SearchContentService where the hybrid crawler feeds documents |
No | *.search.production.apac.trafficmanager.net,
*.search.production.emea.trafficmanager.net,
*.search.production.us.trafficmanager.net |
TCP: 443 |
35 | Default Required |
No | *.wns.windows.com, admin.onedrive.com, officeclient.microsoft.com |
TCP: 443, 80 |
36 | Default Required |
No | g.live.com, oneclient.sfx.ms |
TCP: 443, 80 |
37 | Default Required |
No | *.sharepointonline.com, spoprod-a.akamaihd.net |
TCP: 443, 80 |
39 | Default Required |
No | *.gr.global.aa-rt.sharepoint.com, *.svc.ms,
<tenant>-admin.sharepoint.com,
<tenant>-files.sharepoint.com,
<tenant>-myfiles.sharepoint.com |
TCP: 443, 80 |
Skype for Business Online and Microsoft Teams
ID | Category | ER | Addresses | Ports |
---|---|---|---|---|
11 | Optimize Required |
Yes | 13.107.64.0/18, 52.112.0.0/14, 52.120.0.0/14, 2603:1063::/38 |
UDP: 3478, 3479, 3480, 3481 |
12 | Allow Required |
Yes | *.lync.com, *.teams.microsoft.com, teams.microsoft.com 13.107.64.0/18,
52.112.0.0/14, 52.120.0.0/14, 52.238.119.141/32, 52.244.160.207/32,
2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48,
2603:1063::/38, 2620:1ec:6::/48, 2620:1ec:40::/42 |
TCP: 443, 80 |
13 | Allow Required |
Yes | *.broadcast.skype.com, broadcast.skype.com 13.107.64.0/18,
52.112.0.0/14, 52.120.0.0/14, 52.238.119.141/32, 52.244.160.207/32,
2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48,
2603:1063::/38, 2620:1ec:6::/48, 2620:1ec:40::/42 |
TCP: 443 |
15 | Default Required |
No | *.sfbassets.com |
TCP: 443, 80 |
16 | Default Required |
No | *.keydelivery.mediaservices.windows.net, *.streaming.mediaservices.windows.net, mlccdn.blob.core.windows.net |
TCP: 443 |
17 | Default Required |
No | aka.ms |
TCP: 443 |
18 | Default Optional Notes: Federation with Skype and public IM connectivity: Contact picture retrieval |
No | *.users.storage.live.com |
TCP: 443 |
19 | Default Optional Notes: Applies only to those who deploy the Conference Room Systems |
No | *.adl.windows.com |
TCP: 443, 80 |
22 | Allow Optional Notes: Teams: Messaging interop with Skype for Business |
Yes | *.skypeforbusiness.com 13.107.64.0/18,
52.112.0.0/14, 52.120.0.0/14, 52.238.119.141/32, 52.244.160.207/32,
2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48,
2603:1063::/38, 2620:1ec:6::/48, 2620:1ec:40::/42 |
TCP: 443 |
26 | Default Required |
No | *.msedge.net, compass-ssl.microsoft.com |
TCP: 443 |
27 | Default Required |
No | *.mstea.ms, *.secure.skypeassets.com, mlccdnprod.azureedge.net |
TCP: 443 |
127 | Default Required |
No | *.skype.com |
TCP: 443, 80 |
Microsoft 365 Common and Office Online
ID | Category | ER | Addresses | Ports |
---|---|---|---|---|
41 | Default Optional Notes: Microsoft Stream |
No | *.microsoftstream.com |
TCP: 443 |
43 | Default Optional Notes: Microsoft Stream 3rd party integration (including CDNs) |
No | nps.onyx.azure.net |
TCP: 443 |
44 | Default Optional Notes: Microsoft Stream - unauthenticated |
No | *.azureedge.net, *.media.azure.net, *.streaming.mediaservices.windows.net |
TCP: 443 |
45 | Default Optional Notes: Microsoft Stream |
No | *.keydelivery.mediaservices.windows.net |
TCP: 443 |
46 | Allow Required |
Yes | *.officeapps.live.com, *.online.office.com, office.live.com 13.107.6.171/32,
13.107.18.15/32, 13.107.140.6/32, 52.108.0.0/14, 52.238.106.116/32,
52.244.37.168/32, 52.244.203.72/32, 52.244.207.172/32,
52.244.223.198/32, 52.247.150.191/32, 2603:1010:2::cb/128,
2603:1010:200::c7/128, 2603:1020:200::682f:a0fd/128,
2603:1020:201:9::c6/128, 2603:1020:600::a1/128, 2603:1020:700::a2/128,
2603:1020:800:2::6/128, 2603:1020:900::8/128, 2603:1030:7::749/128,
2603:1030:800:5::bfee:ad3c/128, 2603:1030:f00::17/128,
2603:1030:1000::21a/128, 2603:1040:200::4f3/128, 2603:1040:401::762/128,
2603:1040:601::60f/128, 2603:1040:a01::1e/128, 2603:1040:c01::28/128,
2603:1040:e00:1::2f/128, 2603:1040:f00::1f/128, 2603:1050:1::cd/128,
2620:1ec:c::15/128, 2620:1ec:8fc::6/128, 2620:1ec:a92::171/128,
2a01:111:f100:2000::a83e:3019/128, 2a01:111:f100:2002::8975:2d79/128,
2a01:111:f100:2002::8975:2da8/128, 2a01:111:f100:7000::6fdd:6cd5/128,
2a01:111:f100:a004::bfeb:88cf/128 |
TCP: 443, 80 |
47 | Default Required |
No | *.cdn.office.net, contentstorage.osi.office.net |
TCP: 443 |
49 | Default Required |
No | *.onenote.com |
TCP: 443 |
50 | Default Optional Notes: OneNote notebooks (wildcards) |
No | *.microsoft.com, *.office.net |
TCP: 443 |
51 | Default Required |
No | *cdn.onenote.net |
TCP: 443 |
53 | Default Required |
No | ajax.aspnetcdn.com, apis.live.net, officeapps.live.com, www.onedrive.com |
TCP: 443 |
56 | Allow Required |
Yes | *.auth.microsoft.com, *.msftidentity.com, *.msidentity.com,
account.activedirectory.windowsazure.com,
accounts.accesscontrol.windows.net, adminwebservice.microsoftonline.com,
api.passwordreset.microsoftonline.com,
autologon.microsoftazuread-sso.com, becws.microsoftonline.com,
ccs.login.microsoftonline.com, clientconfig.microsoftonline-p.net,
companymanager.microsoftonline.com, device.login.microsoftonline.com,
graph.microsoft.com, graph.windows.net, login.microsoft.com,
login.microsoftonline.com, login.microsoftonline-p.com,
login.windows.net, logincert.microsoftonline.com,
loginex.microsoftonline.com, login-us.microsoftonline.com,
nexus.microsoftonline-p.com, passwordreset.microsoftonline.com,
provisioningapi.microsoftonline.com 20.190.128.0/18,
40.126.0.0/18, 2603:1006:2000::/48, 2603:1007:200::/48,
2603:1016:1400::/48, 2603:1017::/48, 2603:1026:3000::/48,
2603:1027:1::/48, 2603:1036:3000::/48, 2603:1037:1::/48,
2603:1046:2000::/48, 2603:1047:1::/48, 2603:1056:2000::/48,
2603:1057:2::/48 |
TCP: 443, 80 |
59 | Default Required |
No | *.hip.live.com, *.microsoftonline.com,
*.microsoftonline-p.com, *.msauth.net, *.msauthimages.net, *.msecnd.net,
*.msftauth.net, *.msftauthimages.net, *.phonefactor.net,
enterpriseregistration.windows.net, management.azure.com,
policykeyservice.dc.ad.msft.net |
TCP: 443, 80 |
64 | Allow Required |
Yes | *.compliance.microsoft.com, *.protection.office.com,
*.security.microsoft.com, compliance.microsoft.com,
defender.microsoft.com, protection.office.com, security.microsoft.com 52.108.0.0/14,
2603:1006:1400::/40, 2603:1016:2400::/40, 2603:1026:2400::/40,
2603:1036:2400::/40, 2603:1046:1400::/40, 2603:1056:1400::/40,
2a01:111:200a:a::/64, 2a01:111:2035:8::/64, 2a01:111:f406:1::/64,
2a01:111:f406:c00::/64, 2a01:111:f406:1004::/64,
2a01:111:f406:1805::/64, 2a01:111:f406:3404::/64,
2a01:111:f406:8000::/64, 2a01:111:f406:8801::/64,
2a01:111:f406:a003::/64 |
TCP: 443 |
65 | Allow Required |
Yes | account.office.net 52.108.0.0/14,
2603:1006:1400::/40, 2603:1016:2400::/40, 2603:1026:2400::/40,
2603:1036:2400::/40, 2603:1046:1400::/40, 2603:1056:1400::/40,
2a01:111:200a:a::/64, 2a01:111:2035:8::/64, 2a01:111:f406:1::/64,
2a01:111:f406:c00::/64, 2a01:111:f406:1004::/64,
2a01:111:f406:1805::/64, 2a01:111:f406:3404::/64,
2a01:111:f406:8000::/64, 2a01:111:f406:8801::/64,
2a01:111:f406:a003::/64 |
TCP: 443, 80 |
66 | Default Required |
No | *.portal.cloudappsecurity.com, suite.office.net |
TCP: 443 |
67 | Default Optional Notes: Security and Compliance Center eDiscovery export |
No | *.blob.core.windows.net |
TCP: 443 |
68 | Default Optional Notes: Portal and shared: 3rd party office integration. (including CDNs) |
No | firstpartyapps.oaspapps.com,
prod.firstpartyapps.oaspapps.com.akadns.net,
telemetryservice.firstpartyapps.oaspapps.com,
wus-firstpartyapps.oaspapps.com |
TCP: 443 |
69 | Default Required |
No | *.aria.microsoft.com, *.events.data.microsoft.com |
TCP: 443 |
70 | Default Required |
No | *.o365weve.com, amp.azure.net, appsforoffice.microsoft.com,
assets.onestore.ms, auth.gfx.ms, c1.microsoft.com,
dgps.support.microsoft.com, docs.microsoft.com, msdn.microsoft.com,
platform.linkedin.com, prod.msocdn.com, shellprod.msocdn.com,
support.content.office.net, support.microsoft.com,
technet.microsoft.com, videocontent.osi.office.net,
videoplayercdn.osi.office.net |
TCP: 443 |
71 | Default Required |
No | *.office365.com |
TCP: 443 |
72 | Default Optional Notes: Azure Rights Management (RMS) with Office 2010 clients |
No | *.cloudapp.net |
TCP: 443 |
73 | Default Required |
No | *.aadrm.com, *.azurerms.com,
*.informationprotection.azure.com, ecn.dev.virtualearth.net,
informationprotection.hosting.portal.azure.net |
TCP: 443 |
75 | Default Optional Notes: Graph.windows.net, Office 365 Management Pack for Operations Manager, SecureScore, Azure AD Device Registration, Forms, StaffHub, Application Insights, captcha services |
No | *.sharepointonline.com, dc.services.visualstudio.com, mem.gfx.ms, staffhub.ms |
TCP: 443 |
78 | Default Optional Notes: Some Office 365 features require endpoints within these domains (including CDNs). Many specific FQDNs within these wildcards have been published recently as we work to either remove or better explain our guidance relating to these wildcards. |
No | *.microsoft.com, *.msocdn.com, *.office.net, *.onmicrosoft.com |
TCP: 443, 80 |
79 | Default Required |
No | o15.officeredir.microsoft.com, officepreviewredir.microsoft.com, officeredir.microsoft.com, r.office.microsoft.com |
TCP: 443, 80 |
83 | Default Required |
No | activation.sls.microsoft.com |
TCP: 443 |
84 | Default Required |
No | crl.microsoft.com |
TCP: 443, 80 |
86 | Default Required |
No | office15client.microsoft.com, officeclient.microsoft.com |
TCP: 443 |
88 | Default Required |
No | insertmedia.bing.office.net |
TCP: 443, 80 |
89 | Default Required |
No | go.microsoft.com |
TCP: 443, 80 |
91 | Default Required |
No | ajax.aspnetcdn.com, cdn.odc.officeapps.live.com |
TCP: 443, 80 |
92 | Default Required |
No | officecdn.microsoft.com, officecdn.microsoft.com.edgesuite.net |
TCP: 443, 80 |
93 | Default Optional Notes: ProPlus: auxiliary URLs |
No | *.virtualearth.net, c.bing.net,
excelbingmap.firstpartyapps.oaspapps.com, ocos-office365-s2s.msedge.net,
peoplegraph.firstpartyapps.oaspapps.com, tse1.mm.bing.net,
wikipedia.firstpartyapps.oaspapps.com, www.bing.com |
TCP: 443, 80 |
95 | Default Optional Notes: Outlook for Android and iOS |
No | *.acompli.net, *.outlookmobile.com |
TCP: 443 |
96 | Default Optional Notes: Outlook for Android and iOS: Authentication |
No | login.windows-ppe.net |
TCP: 443 |
97 | Default Optional Notes: Outlook for Android and iOS: Consumer Outlook.com and OneDrive integration |
No | account.live.com, login.live.com |
TCP: 443 |
105 | Default Optional Notes: Outlook for Android and iOS: Outlook Privacy |
No | www.acompli.com |
TCP: 443 |
114 | Default Optional Notes: Office Mobile URLs |
No | *.appex.bing.com, *.appex-rf.msn.com, c.bing.com, c.live.com,
d.docs.live.net, directory.services.live.com, docs.live.net,
partnerservices.getmicrosoftkey.com, signup.live.com |
TCP: 443, 80 |
116 | Default Optional Notes: Office for iPad URLs |
No | account.live.com, auth.gfx.ms, login.live.com |
TCP: 443, 80 |
117 | Default Optional Notes: Yammer |
No | *.yammer.com, *.yammerusercontent.com |
TCP: 443 |
118 | Default Optional Notes: Yammer CDN |
No | *.assets-yammer.com |
TCP: 443 |
121 | Default Optional Notes: Planner: auxiliary URLs |
No | www.outlook.com |
TCP: 443, 80 |
122 | Default Optional Notes: Sway CDNs |
No | eus-www.sway-cdn.com, eus-www.sway-extensions.com, wus-www.sway-cdn.com, wus-www.sway-extensions.com |
TCP: 443 |
124 | Default Optional Notes: Sway |
No | sway.com, www.sway.com |
TCP: 443 |
125 | Default Required |
No | *.entrust.net, *.geotrust.com, *.omniroot.com,
*.public-trust.com, *.symcb.com, *.symcd.com, *.verisign.com,
*.verisign.net, apps.identrust.com, cacerts.digicert.com,
cert.int-x3.letsencrypt.org, crl.globalsign.com, crl.globalsign.net,
crl.identrust.com, crl3.digicert.com, crl4.digicert.com,
isrg.trustid.ocsp.identrust.com, mscrl.microsoft.com, ocsp.digicert.com,
ocsp.globalsign.com, ocsp.msocsp.com, ocsp2.globalsign.com,
ocspx.digicert.com, secure.globalsign.com, www.digicert.com,
www.microsoft.com |
TCP: 443, 80 |
126 | Default Optional Notes: Connection to the speech service is required for Office Dictation features. If connectivity is not allowed, Dictation will be disabled. |
No | officespeech.platform.bing.com |
TCP: 443 |
128 | Default Required |
No | *.config.office.net, *.manage.microsoft.com |
TCP: 443 |
147 | Default Required |
No | *.office.com |
TCP: 443, 80 |
148 | Default Required |
No | cdnprod.myanalytics.microsoft.com, myanalytics.microsoft.com, myanalytics-gcc.microsoft.com |
TCP: 443, 80 |
149 | Default Required |
No | workplaceanalytics.cdn.office.net |
TCP: 443, 80 |
152 | Default Optional Notes: These endpoints enables the Office Scripts functionality in Office clients available through the Automate tab. This feature can also be disabled through the Office 365 Admin portal. |
No | *.microsoftusercontent.com |
TCP: 443 |
153 | Default Required |
No | *.azure-apim.net, *.flow.microsoft.com, *.powerapps.com |
TCP: 443 |
156 | Default Required |
No | *.activity.windows.com, activity.windows.com |
TCP: 443 |
157 | Default Required |
No | ocsp.int-x3.letsencrypt.org |
TCP: 80 |
158 | Default Required |
No | *.cortana.ai |
TCP: 443 |
159 | Default Required |
No | admin.microsoft.com |
TCP: 443, 80 |
160 | Default Required |
No | cdn.odc.officeapps.live.com, cdn.uci.officeapps.live.com |
TCP: 443, 80 |
No comments:
Post a Comment