Office Support / Office 365 Admin / Setup

Office 365 URLs and IP address ranges

Summary   : This reference article lists every endpoints used by Office 365. If your organization restricts computers on your network from connecting to the Internet, this article lists the endpoints (FQDNs, Ports, URLs, IPv4, and IPv6 address ranges) that you should include in your outbound allow lists to ensure your computers can successfully use Office 365. If you are using Office 365 operated by 21Vianet in China, see URLs and IP address ranges for Office 365 operated by 21Vianet.

Subscribe via RSS RSS to receive notice when URLs and IP addresses are changed. This reference article lists the endpoints for Office 365. Filtering internet traffic requires advanced networking knowledge and isn't suitable for all customers. Additional resources for planning your network connectivity include Office 365 network traffic management, Content delivery networks, Client connectivity, and Microsoft peering.

Warning   IP addresses filtering alone isn’t a complete solution due to dependencies on Content Delivery Networks (CDNs). The following are some of the reasons to use either FQDNs only or a combination of FQDNs and IP addresses:

  • Some clients such as the Office 365 admin portal or Outlook Web App won’t be able to authenticate without contacting CDNs.

  • CDN, CRL, and other partners don't publish IP addresses.

  • New Office 365 infrastructure won’t become instantly available to client computers.

  • Some firewall providers and security policies don't allow for wildcards.

  • Updates will be required as frequently as weekly.

  • Future non-web based clients may not be able to authenticate.

  • Future non-web based clients may not be able to authenticate.

  • There will be more emergency or retroactive updates.

Tip   If IP address filtering is your only option at the firewall, an automatic proxy configuration file can be used to route the destinations marked below as CDNs through an alternate path, such as through an outbound proxy. See Office 365 network traffic management for help with more complex routing configurations.

Most changes are made 14-30 days ahead of the endpoint being used. We understand that emergency changes with less notice are difficult to manage and strive to make these infrequently. If possible, use FQDN filtering instead of IP filtering to reduce the impact of emergency changes. Subscribe to the RSS feed to have notifications pushed to you. Here is how to subscribe via Outlook or you can have the RSS feed updates emailed to you. We also offer all updates via XML.

Some of our services do overlap with one another and you will notice the overlap or duplication in the lists of endpoints. There is also some domain name overlapping with our consumer services; while the root domain name is the same, Office 365 operates from a separate sub-domain. If you’re going to add IP addresses to your allow lists, keep in mind that IPv6 is optional and not required. We provide it here for customers who wish to use IPv6.

Office 365 portal and identity

The endpoints listed in this section are only to support the portal and identity portion of Office 365. You’ll want to add these along with the endpoints for each of the workloads you’re deploying on your network.

If you’re using Active Directory Federation Services (AD FS) with your deployment, you can also use AD FS client access policies with Windows Server 2012 R2 or client access policies with AD FS 2.0 and to further restrict and control access to Office 365.

Purpose

Credentials Used

Source

Source Port

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: Office 365 Portal and help content

logged on user

Client Computer

Ephemeral ports

Portal.Office.com

Home.Office.com

*.office365.com

*.office.com

*.office.net

See row three and four

See tables below.

TCP 80 & 443

Required: Authentication and support services

logged on user

Client Computer

Ephemeral ports

*.microsoftonline.com

*.microsoft.com

*.live.com

*.windows.net

See row three and four

See tables below.

TCP 80 & 443

Required: CDNs used for portal and authentication

logged on user

Client Computer

Ephemeral ports

*.microsoftonline-p.com

*.microsoftonline-p.net

*.microsoftonlineimages.com

*.msecnd.net

Microsoft

IP addresses not provided

TCP 80 & 443

Required: CDNs used for portal and authentication

logged on user

Client Computer

Ephemeral ports

*.msocdn.com

Akamai

IP addresses not provided

TCP 80 & 443

Required: Default tenant namespace (mail routing, etc.)

logged on user

Client Computer

TCP 80, 25, & 443

*.onmicrosoft.com

Various

See tables below.

TCP 80, 25, & 443

Required: Global DNS load balancing services

logged on user

Client Computer

TCP 80 & 443

*.glbdns.microsoft.com

None

IP addresses not provided

TCP 80 & 443

Required: Microsoft Azure Active Directory

logged on user

Client Computer

Ephemeral ports

*.activedirectory.windowsazure.com

None

See tables below.

TCP 80 & 443

Optional: Microsoft Azure Active Directory (MFA)

logged on user

Client Computer

Ephemeral ports

*.phonefactor.net

None

See tables below.

TCP 80 & 443

Required: Certificate revocation lists

logged on user

Client Computer

TCP 80 & 443

See well known certificate root CRLs in the table below.

None

IP addresses not provided

TCP 80 & 443

Optional: Azure Rights Management

logged on user

Client Computer

Ephemeral ports

*.aadrm.com

*.azurerms.com

*.cloudapp.net

None

IP addresses not provided

TCP 80 & 443

Optional: Microsoft Azure Active Directory RemoteApp

logged on user

Client Computer

Ephemeral ports

dc.services.visualstudio.com

liverdcxstorage.blob.core.windowsazure.com

telemetry.remoteapp.windowsazure.com

vortex.data.microsoft.com

www.remoteapp.windowsazure.com

None

IP addresses not provided

TCP 443

Optional: DirSync (legacy)

Machine^ and Service Account

DirSync Server

TCP 80 & 443

*.microsoftonline.com

*.windows.net

+Certificate Revocation Lists (see table below)

None

See tables below.

TCP 80 & 443

Optional: Azure AD Connect (recommended)

Service Account

Azure AD Connect Server

TCP 80 & 443

*.microsoftonline.com

*.windows.net

+Certificate Revocation Lists (see table below)

None

See tables below.

TCP 80 & 443

Optional: Azure AD Connect (w/SSO option) – WinRM & remote powershell

Service Account

Client Computer

TCP 80 & 443

Customer STS environment (AD FS Server and AD FS Proxy)

None

Customer environment

TCP 80 & 443

Optional: STS such as AD FS Proxy server(s) (for federated customers only)

None

Client Computer

TCP 443 or TCP 49443 w/ClientTLS

Customer STS (such as AD FS Proxy)

None

Customer environment

TCP 443 or TCP 49443 w/ClientTLS

Optional: AD FS Proxy server(s) (for federated customers only)

None

Customer AD FS Proxy (WAP)

TCP 443

Customer AD FS Server (FS)

None

Customer environment

TCP 443

Optional: Azure AD Connect Health

Service Account

Azure AD Connect Health Server

TCP 443

management.azure.com

*.blob.core.windows.net

*.queue.core.windows.net

*.servicebus.windows.net - Port: 5671 (If 5671 is blocked, agent falls back to 443, but using 5671 is recommended.)

*.adhybridhealth.azure.com

*.table.core.windows.net

policykeyservice.dc.ad.msft.net

login.windows.net

login.microsoftonline.com

secure.aadcdn.microsoftonline-p.com

Microsoft

IP addresses not provided

TCP 443

Optional: Office 365 Management Pack for Operations Manager

Machine^ Account

Customer Operations Manager environment

TCP 80 & 443

office365servicehealthcommunications.cloudapp.net

None

IP addresses not provided

TCP 443

^Keep in mind that Machine accounts won’t work with proxies that require outbound authentication.

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Portal and Identity IP ranges

Office 365 IPv4 Addresses

Office 365 IPv6 Addresses

Certificate Revocation List (Root URLs)

13.76.218.117
13.76.219.191
13.76.219.210
13.107.1.0/24
13.107.3.0/24
13.107.4.0/24
13.107.5.0/24
13.107.6.0/24
13.107.7.0/24
13.107.9.0/24
13.107.12.0/24
13.107.13.0/24
13.107.15.0/24
13.107.16.0/24
23.96.208.238
23.96.240.104
23.96.241.205
23.97.61.137
23.97.64.252
23.97.66.55
23.97.66.110
23.97.68.113
23.97.70.147
23.97.72.158
23.97.72.161
23.97.72.165
23.97.98.128
23.97.99.4
23.97.100.76
23.97.100.92
23.97.100.105
23.97.100.152
23.97.103.118
23.97.139.122
23.97.145.9
23.97.148.36
23.97.148.228
23.97.152.190
23.97.209.97
23.98.66.168
23.98.69.116
23.98.70.90
23.99.109.44
23.99.109.64
23.99.116.116
23.99.121.207
23.99.128.120
23.99.129.26
23.99.129.173
23.99.193.105
23.99.194.77
23.99.196.232
23.99.226.167
23.99.227.124
23.100.86.91
23.101.14.229
23.101.19.99
23.101.25.224
23.101.30.126
23.101.178.227
23.101.187.91
23.102.4.253
23.102.64.138
23.102.64.255
23.102.65.203
23.102.65.221
23.102.155.140
40.83.189.49
40.113.8.255
40.113.10.78
40.113.11.93
40.113.14.159
40.115.48.147
40.115.52.169
40.115.54.162
40.115.54.55
40.115.55.208
40.117.144.240
40.117.151.29
40.118.255.5
40.121.144.182
40.122.131.63
40.122.168.103
40.124.9.212
65.52.26.28
65.52.35.54
65.52.64.61
65.52.64.230
65.52.129.119
65.52.136.224
65.52.144.46
65.52.144.125
65.52.148.27
65.52.160.218
65.52.176.72
65.52.176.186
65.52.184.75
65.52.192.203
65.52.196.64
65.52.209.62
65.52.219.207
65.52.228.75
65.52.228.99
65.52.228.100
65.52.232.52
65.52.233.128
65.52.236.160
65.52.240.73
65.52.240.200
65.52.244.66
65.54.54.32/27
65.54.55.201
65.54.74.0/23
65.54.80.0/20
65.54.165.0/25
65.54.170.128/25
65.55.86.0/23
65.55.233.0/27
65.55.239.168
70.37.56.152
70.37.81.47
70.37.96.155
70.37.97.234
70.37.128.0/23
70.37.142.0/23
70.37.150.128/25
70.37.159.0/24
70.37.160.72
70.37.160.202
94.245.68.0/22
94.245.82.0/23
94.245.84.0/24
94.245.86.0/24
94.245.88.28
94.245.88.223
94.245.88.194
94.245.117.53
94.245.108.85
104.41.1.233
104.41.207.73
104.42.231.54
104.43.140.223
104.44.218.128/25
104.45.11.195
104.45.214.112
104.46.1.211
104.46.38.64
104.46.50.125
104.46.104.228
104.47.143.47
104.47.146.37
104.208.36.190
104.209.190.8
104.210.4.77
104.210.40.87
104.210.212.243
104.211.98.2
104.211.98.6
104.211.98.138
104.211.98.146
104.211.98.194
104.211.98.246
104.211.99.88
104.211.99.127
104.211.99.181
104.211.99.236
104.211.100.160
104.211.100.170
104.211.100.196
104.211.100.204
104.211.102.225
104.211.160.36
104.211.161.31
104.211.161.69
104.211.161.150
104.211.161.165
104.211.161.170
104.211.161.171
104.211.161.185
104.211.162.33
104.211.162.51
104.211.162.180
104.211.165.35
104.211.166.139
104.211.164.26
104.211.165.64
104.211.224.71
104.211.224.118
104.211.225.135
104.211.225.215
104.211.226.231
104.211.226.240
104.211.227.110
104.211.227.238
104.211.229.0
104.211.230.178
104.211.230.245
104.211.231.218
104.211.231.219
104.211.231.147
104.211.231.248
104.214.35.244
104.215.146.200
104.215.198.144
111.221.16.0/21
111.221.24.0/21
111.221.70.0/25
111.221.71.0/25
111.221.96.149
111.221.104.43
111.221.111.196
111.221.127.112/28
131.253.3.0/24
131.253.21.0/24
131.253.33.0/24
131.253.120.128
132.245.0.0/16
134.170.0.0/16
137.135.47.6
137.135.47.4
137.135.47.28
137.116.32.61
137.116.32.101
137.116.48.66
137.116.48.69
137.116.49.27
137.116.49.210
137.116.64.35
137.116.64.162
137.116.65.59
137.116.66.126
137.116.80.106
137.116.81.187
137.116.200.108
137.116.242.169
137.117.99.175
137.117.103.21
137.117.146.106
137.117.198.210
137.135.42.195
137.135.43.100
137.135.44.73
137.135.48.128
137.135.60.254
137.135.160.110
138.91.1.59
138.91.2.208
138.91.2.210
138.91.2.212
138.91.17.43
138.91.17.108
138.91.18.52
138.91.56.78
138.91.56.97
138.91.58.210
138.91.59.239
138.91.59.78
138.91.60.177
138.91.61.153
138.91.61.35
138.91.64.46
138.91.246.237
157.55.45.128/25
157.55.59.128/25
157.55.80.41
157.55.80.94
157.55.80.175
157.55.80.182
157.55.84.19
157.55.84.237
157.55.130.0/25
157.55.145.0/25
157.55.155.0/25
157.55.161.59
157.55.161.75
157.55.168.18
157.55.168.184
157.55.176.63
157.55.177.39
157.55.184.223
157.55.185.100
157.55.194.46
157.55.208.58
157.55.208.198
157.55.208.218
157.55.227.192/26
157.55.252.101
157.56.0.0/16
157.56.8.78
157.56.28.192
157.56.162.166
168.61.32.214
168.61.35.252
168.61.36.121
168.61.37.63
168.61.38.105
168.61.82.81
168.61.85.180
168.61.146.25
168.61.149.17
168.61.170.80
168.61.172.71
168.62.4.28
168.62.4.48
168.62.11.24
168.62.11.117
168.62.16.112
168.62.16.140
168.62.16.149
168.62.16.252
168.62.24.38
168.62.24.104
168.62.24.114
168.62.24.150
168.62.29.225
168.62.41.25
168.62.42.89
168.62.43.8
168.62.52.198
168.62.52.203
168.62.56.108
168.62.60.71
168.62.60.80
168.62.104.146
168.62.105.126
168.62.105.217
168.62.106.152
168.62.176.34
168.62.179.4
168.62.180.151
168.62.202.67
168.62.204.209
168.63.16.112
168.63.16.114
168.63.17.108
168.63.17.221
168.63.18.79
168.63.18.131
168.63.25.227
168.63.27.2
168.63.29.74
168.63.52.117
168.63.92.133
168.63.100.61
168.63.138.56
168.63.139.159
168.63.152.235
168.63.166.200
168.63.165.67
168.63.164.177
168.63.172.54
168.63.173.188
168.63.208.73
168.63.213.238
168.63.214.35
168.63.250.173
168.63.252.39
168.63.252.62
191.232.2.128/25
191.233.37.141
191.234.4.0/24
191.234.5.0/24
191.234.6.0/24
191.234.7.0/24
191.234.55.177
191.235.135.139
191.235.135.222
191.236.88.160
191.236.155.80
191.236.192.179
191.237.218.239
191.238.80.160
191.238.80.241
191.238.81.69
191.238.83.220
191.238.160.173
191.238.177.236
191.238.224.150
191.239.64.124
191.239.64.125
191.239.64.129
191.239.64.130
191.239.64.131
191.239.64.132
191.239.64.133
191.239.64.134
191.239.160.4
191.239.160.93
191.239.160.143
191.239.160.140
191.239.160.144
191.239.160.145
191.239.160.141
191.239.160.142
202.89.233.0/24
204.79.197.0/24
207.46.57.128/25
207.46.70.0/24
207.46.73.250
207.46.129.169
207.46.134.255
207.46.153.155
207.46.206.0/23
207.46.216.54
213.199.128.58
213.199.128.91
213.199.128.119
213.199.132.97
213.199.148.0/23
213.199.182.128/25
2603:1030:800:5::bfee:a0ad
2620:1ec:34::/48
2620:1ec:38d::/48
2620:1ec:4::/48
2620:1ec:5::/48
2620:1ec:6::/48
2620:1ec:7::/48
2620:1ec:a::/48
2620:1ec:a92::/48
2620:1ec:b::/48
2620:1ec:c11::/48
2801:80:1d0:1c00::/64
2a01:111:2003::/48
2a01:111:200a:a::/64
2a01:111:202c::/48
2a01:111:202e::/48
2a01:111:202d::/48
2a01:111:2035:8::/64
2a01:111:f100:1004::4134:f0c8
2a01:111:f100:7000::6fdd:682b
2a01:111:f100:8001::d5c7:8077
2a01:111:f102:8001::1761:4237
2a01:111:f100:a001::a83f:5c85
2a01:111:f406:1::/64
2a01:111:f406:1000::/64
2a01:111:f406:1004::/64
2a01:111:f406:1801::/64
2a01:111:f406:1805::/64
2a01:111:f406:3404::/64
2A01:111:F406:8000::/64
2a01:111:f406:8801::/64
2a01:111:f406:a003::/64
2a01:111:f406:c00::/64
2001:489a:2101:100::/64
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Exchange Online

If you have licensed Exchange Online as a standalone or as part of a suite, you must be able to reach the following endpoints. Where there is a reference to another section such as the references to Office 365 portal and identity and Exchange Online Protection, you will need to ensure the endpoints listed in those tables are also included in your outbound allow lists.

Purpose

Credentials Used

Source

Source Port

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: Authentication

See Office 365 portal and identity

Required: Portal

See Office 365 portal and identity

Required: Exchange Online Protection

See Exchange Online Protection (EOP)

Required: Client SMTP Relay

Logged on user

Client Computer

Ephemeral ports

smtp.office365.com

None

See table below.

TCP 587

Required: Exchange Online

Logged on user

Client Computer

Ephemeral ports

outlook.office365.com

outlook.office.com

None

See table below.

TCP 80 & 443

Required: Exchange Online

Logged on user

Client Computer

Ephemeral ports

r1.res.office365.com

Akamai

IP addresses not provided

TCP 80 & 443

Required: Exchange Online

Logged on user

Client Computer

Ephemeral ports

r3.res.office365.com

Akamai

IP addresses not provided

TCP 80 & 443

Required: Exchange Online

Logged on user

Client Computer

Ephemeral ports

r4.res.office365.com

Akamai

IP addresses not provided

TCP 80 & 443

Required: Exchange Online

Logged on user

Client Computer

Ephemeral ports

*.outlook.com

None

See table below.

TCP 80 & 443

Required: Certificate revocation lists

logged on user

Client Computer

TCP 80 & 443

See well known certificate root CRLs in the table below.

None

IP addresses not provided

TCP 80 & 443

Optional: Exchange Hybrid Only

Machine account^

Existing Exchange Client Access Servers and Mailbox Servers

TCP 80 & 443

outlook.office365.com

outlook.office.com

None

See table below.

TCP 80 & 443

Optional: Exchange Hybrid Co-existence

N/A

Exchange Online IPs (See table below.)

Dynamic

Customer on-premise Exchange

None

Customer IP

TCP 443

Optional: Exchange Proxy Authentication

N/A

Exchange Online IPs (See table below.)

Dynamic

Customer on-premise STS

None

Customer IP

TCP 443

Optional: Exchange Hybrid Configuration Wizard

N/A

Existing Exchange service

Ephemeral ports

hybridconfiguration.azurewebsites.net

*.hybridconfiguration.azurewebsites.net

*.Blob.core.Windows.Net

None

IP addresses included in portal and identity section

TCP 443

Optional: Exchange 2010 SP3 Hybrid Configuration Wizard

N/A

Existing Exchange service

Ephemeral ports

Domains.live.com

None

See table below.

TCP 443

Optional: Exchange Online IMAP4 migration

N/A

IMAP4 Service

TCP 143/993

outlook.office365.com

outlook.office.com

None

See table below.

TCP 143/993

Optional: Exchange Online POP3 migration

N/A

POP3 Service

TCP 995

outlook.office365.com

outlook.office.com

None

See table below.

TCP 995

Optional: All other Exchange Online migration tools

N/A

Existing Exchange service (EWS or MRS)

TCP 80 & 443

outlook.office365.com

outlook.office.com

None

See table below.

TCP 80 & 443

^Keep in mind that Machine accounts won’t work with proxies that require outbound authentication.

(Back to top | Office 365 portal and identity | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Exchange Online IP ranges

Exchange Online IPv4 Addresses

Exchange Online IP Addresses

Well known certificate root FQDNs

23.103.160.0/20
23.103.224.0/19
40.96.0.0/16
40.97.0.0/16
40.98.0.0/16
40.99.0.0/16
40.100.0.0/16
40.101.0.0/16
40.102.0.0/16
40.103.0.0/16
40.104.0.0/16
40.105.0.0/16
65.54.62.0/25
65.55.39.128/25
65.55.78.128/25
65.55.79.128/25
65.55.94.0/25
65.55.113.64/26
65.55.126.0/25
65.55.174.0/25
65.55.181.128/25
70.37.151.128/25
94.245.117.128/25
111.221.23.128/25
111.221.66.0/25
111.221.69.128/25
111.221.112.0/21
131.253.33.215
132.245.0.0/16
134.170.68.0/23
191.234.192.0/19
157.55.9.128/25
157.55.11.0/25
157.55.47.0/24
157.55.49.0/24
157.55.61.0/24
157.55.157.128/25
157.55.224.128/25
157.55.225.0/25
157.56.0.0/16
191.234.6.152
191.234.140.0/22
191.234.224.0/22
204.79.197.215
206.191.224.0/19
207.46.4.128/25
207.46.58.128/25
207.46.150.128/25
207.46.164.0/24
207.46.198.0/25
207.46.203.128/26
213.199.174.0/25
213.199.177.0/26
2a01:111:f400::/48
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Office 365 portal and identity | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Skype for Business Online

If you have licensed Skype for Business Online as a standalone or as part of a suite, you must be able to reach the Office 365 portal and identity URLs as well as the Skype for Business Online URLs or IP addresses. It’s also important to ensure you are able to reach the certificate root authorities as all Skype for Business Online communications are protected, you’ll find a partial list of possible root authorities client computers will need to be able to access.

Purpose

Credentials Used

Source

Source Port

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: Authentication

See Office 365 portal and identity

Required: Portal

See Office 365 portal and identity

Required: SIP signaling

Logged on user

Client Computer

Ephemeral ports

*.Lync.com

None

See table below.

TCP 443

Required: Persistent Shared Object Model (PSOM) connections web conferencing

Logged on user

Client Computer

Ephemeral ports

*.Lync.com

None

See table below.

TCP 443

Required: HTTPS downloads

Logged on user

Client Computer

Ephemeral ports

*.Lync.com

None

See table below.

TCP 443

Required: Audio

Logged on user

Client Computer

TCP/UDP 50,000-50019

*.Lync.com

None

See table below.

TCP 443, UDP 3478, TCP/UDP 50,000-59,999

Required: Video

Logged on user

Client Computer

TCP/UDP 50,020-50039

*.Lync.com

None

See table below.

TCP 443, UDP 3478, TCP/UDP 50,000-59,999

Required: Desktop sharing

Logged on user

Client Computer

TCP/UDP 50,040-50059

*.Lync.com

None

See table below.

TCP 443, TCP 50,000-59,999

Required: Lync Mobile push notifications for Lync Mobile 2010 on iOS devices. You don't need this for Android, Nokia Symbian or Windows Phone mobile devices.

Logged on user

Client Computer

Ephemeral ports

*.Lync.com

None

See table below.

TCP 5223

Required: Certificate revocation lists

logged on user

Client Computer

TCP 80 & 443

See well known certificate root CRLs in the table below.

None

IP addresses not provided

TCP 80 & 443

(Back to top | Office 365 portal and identity | Exchange Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Skype for Business IP ranges

Skype for Business Online IPv4 Addresses

Skype for Business Online IPv6 Addresses

Well known certificate root FQDNs

23.103.128.0/25
23.103.128.128/25
23.103.129.0/25
23.103.129.128/25
23.103.130.0/26
23.103.130.64/26
23.103.130.128/26
23.103.130.192/26
23.103.176.128/26
23.103.176.192/27
23.103.178.128/26
23.103.178.192/27
40.110.0.0/16
65.55.121.128/27
65.55.127.0/24
66.119.157.0/25
66.119.157.160/27
66.119.157.192/26
66.119.158.0/25
111.221.17.128/27
111.221.22.64/26
111.221.76.96/27
111.221.76.128/25
111.221.77.0/26
111.221.122.192/26
131.253.128.0/25
131.253.128.128/25
131.253.129.0/25
131.253.129.128/26
131.253.129.143
131.253.130.0/25
131.253.130.128/26
131.253.130.192/26
131.253.131.0/25
131.253.131.128/26
131.253.132.0/25
131.253.134.0/25
131.253.136.0/25
131.253.136.128/25
131.253.137.0/25
131.253.138.128/25
131.253.140.0/25
131.253.140.128/25
131.253.141.0/25
131.253.141.128/25
131.253.142.128/25
131.253.160.0/26
131.253.160.128/26
131.253.160.64/26
131.253.161.128/26
131.253.161.192/26
131.253.162.0/26
131.253.162.64/26
131.253.162.128/26
131.253.162.192/26
131.253.163.0/26
131.253.163.64/26
131.253.164.0/26
131.253.165.0/26
131.253.178.0/27
131.253.178.64/27
131.253.178.96/27
131.253.178.128/27
131.253.178.160/27
132.245.0.0/24
132.245.1.0/25
132.245.112.0/24
132.245.113.0/25
132.245.128.0/24
132.245.129.0/25
132.245.161.0/24
132.245.162.0/25
132.245.192.0/24
132.245.193.0/25
132.245.208.0/24
132.245.209.0/25
134.170.0.0/25
134.170.53.32/27
134.170.54.0/26
134.170.54.128/25
134.170.58.224/27
134.170.113.192/26
134.170.115.0/27
134.170.115.128/25
134.170.119.224/27
157.55.40.128/25
157.55.46.0/27
157.55.46.64/26
157.55.229.128/27
157.55.232.128/26
157.55.238.0/25
157.56.135.64/26
157.56.135.160/27
157.56.184.224/27
157.56.185.0/26
191.232.80.96/27
191.232.83.0/27
191.232.83.32/27
191.232.83.64/27
207.46.5.0/24
207.46.7.128/27
207.46.57.0/25
2a01:111:2007:3::/64
2a01:111:2007:4::/64
2a01:111:200f:6::/64
2a01:111:200f:7::/64 
2a01:111:200f:8::/64
2a01:111:200f:9::/64
2a01:111:2012:2::/64 
2a01:111:2012:3::/64
2a01:111:2012:4::/64
2a01:111:2012:5::/64
2a01:111:2012:6::/64
2a01:111:2012:7::/64
2a01:111:202a:2::/64
2a01:111:202a:3::/64
2a01:111:202b:3::/64
2a01:111:202b:4::/64
2a01:111:202b:9::/64
2a01:111:202b:a::/64
2a01:111:2034:2::/64
2a01:111:2034:3::/64
2a01:111:2035:6::/64
2a01:111:2035:7::/64
2a01:111:2036:2::/64
2a01:111:2036:3::/64
2a01:111:203e:1::/64
2a01:111:203e:2::/64
2a01:111:2040:1::/64
2a01:111:2040:2::/64
2a01:111:2046:4::/64
2a01:111:2046:5::/64
2a01:111:2a:7::/6
2a01:111:2a:8::/64
2a01:111:f402:5802::/64
2a01:111:f402:5803::/64
2a01:111:f402:5805::/64
2a01:111:f404:0c06::/64
2a01:111:f404:0c07::/64
2a01:111:f404:0c09::/64
2a01:111:f404:0c0a::/64
2a01:111:f404:3400::/64
2a01:111:f404:3401::/64
2a01:111:f404:8002::/64
2a01:111:f404:8003::/64
2a01:111:f404:9400::/64
2a01:111:f404:9401::/64
2a01:111:f404:a000::/64
2a01:111:f404:a001::/64
2a01:111:f404:a800::/64
2a01:111:f404:a801::/64
2a01:111:f404:c0b::/64
2a01:111:f404:c0c::/64
2a01:111:f406:2400::/64
2a01:111:f406:2401::/64
2a01:111:f406:402::/64
2a01:111:f406:403::/64
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Office 365 portal and identity | Exchange Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

SharePoint Online

If you have licensed SharePoint Online as a standalone or as part of a suite, you must be able to reach the Office 365 portal and identity URLs as well as the SharePoint Online URLs or IP addresses.

This list also applies to many of the new applications that are dependent on SharePoint Online, such as Power BI, Project Online, Delve, and Office 365 Video. The Yammer endpoints are listed separately.

Purpose

Credentials Used

Source

Source Port

Add to IE Trusted Site?

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: Authentication

See Office 365 portal and identity

Required: Portal

See Office 365 portal and identity

Required: SharePoint Online and associated applications

Logged on user

Client Computer

Ephemeral ports

No

*.sharepoint.com

None

See table below.

TCP 80 & 443

Required: SharePoint Online Explorer View

Note   Adding these two FQDNs to the IE Trusted Sites zone is required for Explorer View to function, other Office 365 services may not function with these FQDNs in the IE Trusted Sites zone.

Logged on user

Client Computer

Ephemeral ports

Yes

<tenant>.sharepoint.com

<tenant>-my.sharepoint.com

None

See table below.

TCP 80 & 443

Required: CDNs for SharePoint Online and associated applications

logged on user

Client Computer

Ephemeral ports

No

*.sharepointonline.com

Cdn.sharepointonline.com

Static.sharepointonline.com

Prod.msocdn.com

Microsoft & Akamai

IP addresses not provided

TCP 80 & 443

Required: SharePoint Online inbound mail

Logged on user

See table below.

TCP 25

No

Customer environment

None

Customer environment

TCP 25

Required: Certificate revocation lists

logged on user

Client Computer

TCP 80 & 443

No

See well known certificate root CRLs in the table below.

None

IP addresses not provided

TCP 80 & 443

Optional: Required for Office 365 Video

logged on user

Client Computer

Ephemeral ports

No

*.streaming.mediaservices.windows.net

*.keydelivery.mediaservices.windows.net

Azure Media Services

IP addresses not provided

TCP 443

Optional: Required for Office 365 Video

logged on user

Client Computer

Ephemeral ports

No

ajax.aspnetcdn.com

Azure Media Services

IP addresses not provided

TCP 443

Optional: Required for Office 365 Video

Logged on user

Client Computer

Ephemeral ports

No

r3.res.outlook.com

Akamai

IP addresses not provided

TCP 443

Optional: Required for Office 365 Video

logged on user

Client Computer

Ephemeral ports

No

Spoprod-a.akamaihd.net

Akamai

IP addresses not provided

TCP 443

Optional: Required for OneDrive for Business

logged on user

Client Computer

Ephemeral ports

No

Spoprod-a.akamaihd.net

Akamai

IP addresses not provided

TCP 443

Optional: Required for OneNote notebooks

Logged on user

OneNote

Ephemeral ports

No

*.onenote.com

None

See table below.

TCP 443

Optional: Required for OneNote notebooks

Logged on user

OneNote

Ephemeral ports

No

cdn.onenote.net

Akamai

IP addresses not provided

TCP 443

Optional: Required for Delve

Logged on user

Client Computer

Ephemeral ports

No

r3.res.outlook.com

Akamai

IP addresses not provided

TCP 443

(Back to top | Office 365 portal and identity | Exchange Online | Skype for Business Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

SharePoint Online IP Ranges

SharePoint Online IPv4 Addresses

SharePoint Online IPv6 Addresses

Well known certificate root FQDNs

40.108.0.0/16
40.109.0.0/16
42.159.34.0/27
42.159.38.0/23
42.159.162.0/27
42.159.166.0/23
65.52.45.0/24
65.55.22.32/27
70.37.151.64/27
94.245.113.160/27
104.146.0.0/15
111.221.17.160/27
111.221.20.128/25
111.221.22.32/27
111.221.22.192/27
111.221.64.160/27
111.221.67.0/25
134.170.200.0/21
134.170.208.0/21
134.177.0.0/16
137.116.50.49
157.55.43.32/27
157.55.46.128/27
157.55.56.0/27
157.55.62.96/27
157.55.62.128/27
157.55.103.0/27
157.55.144.64/26
157.55.145.192/27
157.55.147.0/27
157.55.151.192/27
157.55.152.128/25
157.55.153.0/27
157.55.153.64/26
157.55.154.64/27
157.55.225.160/27
157.55.225.224/27
157.55.227.128/27
157.55.229.0/25
157.55.229.160/27
157.55.231.32/27
157.55.232.0/27
157.55.235.64/27
157.55.238.128/27
157.56.24.128/27
157.56.48.0/27
157.56.80.128/27
157.56.81.192/26
157.56.113.0/27
157.56.132.128/26
157.56.150.32/27
168.61.25.60
191.232.0.0/23
191.234.8.0/21
191.234.76.0/23
191.234.128.0/21
191.234.144.0/20
191.234.148.0/22
191.234.152.0/23
191.234.192.0/19
191.234.208.0/23
191.235.0.0/20
207.46.203.128/27
213.199.179.0/27
2a01:111:f402::/48
2801:80:1d0:1400::/54
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Office 365 portal and identity | Exchange Online | Skype for Business Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Exchange Online Protection (EOP)

If you have licensed Exchange Online Protection (EOP) as a standalone or as part of a suite, you must be able to reach the Office 365 portal and identity URLs as well as the EOP IP addresses.

Purpose

Credentials Used

Source

Source Port

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: EOP

Logged on user

Client Computer

TCP 80 & 443

*.protection.outlook.com

None

See Exchange Online Protection IP Addresses

TCP 80 & 443

Required: Send email

N/A

Existing email environment

TCP 25

*.mail.protection.outlook.com

None

See Exchange Online Protection IP Addresses

TCP 25

Required: Receive email

N/A

See Exchange Online Protection IP Addresses

TCP 25

Existing email environment

None

See Exchange Online Protection IP Addresses

TCP 25

(Back to top | Skype for Business Online | Exchange Online | SharePoint Online | Office 365 portal and identity | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Office 365 remote analyzer tools

This list of IPv4 IP addresses is the current list required for the Office 365 remote analyzer tools.

Purpose

Credentials Used

Source

Source Port

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: Initiate connectivity tests.

Logged on user

Web browse

Ephemeral ports

testconnectivity.microsoft.com

testexchangeconnectivity.com

None

See table below.

TCP 80 & 443

Required: Captcha & support services

Logged on user

Web browse

Ephemeral ports

client.hip.live.com

wu.client.hip.live.com

support.microsoft.com

None

IP addresses not provided

TCP 80 & 443

Required: Execution of the tests selected by the customer.

Provided by customer on the testconnectivity website

testconnectivity.microsoft.com

Ephemeral ports

On-premises systems for email and collaboration.

None

Customer IP ranges

80, 443, 25, POP3 on (110, 995, or Custom), IMAP4 on (143, 993, or Custom)

Required: Certificate revocation lists

logged on user

Client Computer

TCP 80 & 443

See well known certificate root CRLs in the table below.

None

IP addresses not provided

TCP 80 & 443

(Back to top | Skype for Business Online | Exchange Online | SharePoint Online | Office 365 portal and identity | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Remote Analyzer IP Ranges

Office 365 remote analyzer tools IP Addresses

Well known certificate root FQDNs

13.67.59.89
40.85.91.8
104.208.36.70
134.170.52.122 
134.170.52.123 
134.170.52.124 
157.56.138.141
157.56.138.142
157.56.138.143
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Skype for Business Online | Exchange Online | SharePoint Online | Office 365 portal and identity | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Yammer

This list of URLs and IPv4 IP subnet is the current list required for Yammer.

Purpose

Credentials Used

Source

Source Port

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: Authentication

See Office 365 portal and identity

Required: Portal

See Office 365 portal and identity

Required: Yammer

Logged on user

Client Computer

Ephemeral ports

*.assets-yammer.com

*.yammer.com

*.yammerusercontent.com

None

See table below.

TCP 80 & 443

Required: Certificate revocation lists

logged on user

Client Computer

Ephemeral ports

See well known certificate root CRLs in the table below.

None

IP addresses not provided

TCP 80 & 443

Optional: Document, video, & image storage/rendering

Logged on user

Client Computer

Ephemeral ports

ajax.googleapis.com

*.cloudfront.net

None

IP addresses not provided

TCP 443

(Back to top | Skype for Business Online | Exchange Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Office 365 portal and identity | Sway | Planner)

Yammer IP Ranges

Yammer IPv4 Addresses

Well known certificate root FQDNs

134.170.148.0/22
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Skype for Business Online | Exchange Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Office 365 portal and identity | Sway | Planner)

Office 365 ProPlus

Here is the current list of endpoints PCs and Macs need to be able to access to use Office 365 ProPlus. If you’re interested in bypassing the CDN for your deployment, you can build an internal installation point.

Purpose

Credentials Used

Source

Source Port

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: This url is needed to renew the product key approximately every 30 days

Local system

Office client only

Ephemeral ports

activation.sls.microsoft.com

None

See table below.

TCP 443

Required: This URL is required to validate certificates during activation

Local system

Office client only

Ephemeral ports

crl.microsoft.com

None

IP addresses not provided.

TCP 80 & 443

Required: Required for identity and configuration services

Local system

Office client only

Ephemeral ports

odc.officeapps.live.com

clientconfig.microsoftonline-p.net

Microsoft & Akamai

See table below. CDN IP addresses not provided.

TCP 443

Required: This URL is the Office Licensing Service, which is used during activation and subscription maintenance

Local system

Office client only

Ephemeral ports

ols.officeapps.live.com

Microsoft & Akamai

See table below. CDN IP addresses not provided.

TCP 443

Required: Required for redirection services during initial Office activation and Office license heartbeat.

Local system

Office client only

TCP 80 & 443

office15client.microsoft.com

Microsoft & Akamai

See table below. CDN IP addresses not provided.

TCP 443

Required: Required to authenticate the users identity (Org Id) during initial Office entitlement check. After initial activation, not used unless re-entitlement check is required.

Logged on user

Office client only

Ephemeral ports

login.windows.net

login.microsoftonline.com

See Office 365 portal and identity

Required: Contains Office 365 ProPlus source media used for installation and/or updates. If automatic updates are configured in the default settings, the local system account is used when downloading updates.

Logged on user

Office client only

Ephemeral ports

officecdn.microsoft.com

Microsoft & Akamai

IP addresses not provided

TCP 80

Required: This URL is used to redirect to web content such as online help and error code information.

Logged on user

Office client only

Ephemeral ports

go.microsoft.com

Microsoft & Akamai

IP addresses not provided

TCP 80

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 portal and identity | Office 365 portal and identity | Yammer | Sway | Planner)

Office 365 ProPlus IP Ranges

Office 365 ProPlus IPv4 Addresses

104.40.234.17
104.210.220.25
191.236.108.93
191.236.157.212

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 portal and identity | Office 365 portal and identity | Yammer | Sway | Planner)

Office Online

This list of IP addresses is the current list required for Office Web Apps. MTE102837806 does not have additional URLs beyond those included in the portal and identity section.

Purpose

Credentials Used

Source

Source Port

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: Authentication

See Office 365 portal and identity

Required: Portal

See Office 365 portal and identity

Required: Office Online

Logged on user

Client Computer

Ephemeral ports

*.officeapps.live.com

None

See table below.

TCP 443

Required: Content Delivery Network for Office Web Apps

Logged on user

Client Computer

Ephemeral ports

*.cdn.office.net

Akamai

IP addresses not provided

TCP 443

Required: Certificate revocation lists

logged on user

Client Computer

Ephemeral ports

See well known certificate root CRLs in the table below.

None

IP addresses not provided

TCP 80 & 443

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Office Online IP Ranges

Office Web Apps IPv4 Addresses

Office Web Apps IPv6 Addresses

Well known certificate root FQDNs

23.101.60.234
23.102.157.61
23.103.183.0/26
40.117.226.146
104.41.62.54
104.46.60.252
104.215.194.17
134.170.27.64/26
134.170.48.0/26
134.170.65.64/26
134.170.128.192/26
134.170.170.64/26
137.116.172.39
191.232.2.64/26
2a01:111:f406:8800::/64
2a01:111:f406:400::/64
2a01:111:f406:1c01::/64
2a01:111:f406:9400::/64
2a01:111:f406:2402::/64
2a01:111:f406:a804::/64 
2a01:111:f406:b401::/64
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Sway

This list of URLs and IPv4 IP subnet is the current list required for Sway.

Purpose

Credentials Used

Source

Source Port

Add to IE Trusted Site?

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: Authentication

See Office 365 portal and identity

Required: Portal

See Office 365 portal and identity

Required: Sway

Logged on user

Client Computer

Ephemeral ports

No

sway.com

www.sway.com

eus-www.sway.com

eus-000.www.sway.com

eus-001.www.sway.com

eus-002.www.sway.com

eus-003.www.sway.com

eus-004.www.sway.com

eus-005.www.sway.com

eus-006.www.sway.com

eus-007.www.sway.com

eus-008.www.sway.com

eus-009.www.sway.com

eus-00a.www.sway.com

eus-00b.www.sway.com

eus-00c.www.sway.com

eus-00d.www.sway.com

eus-00e.www.sway.com

wus-www.sway.com

wus-000.www.sway.com

wus-001.www.sway.com

wus-002.www.sway.com

wus-003.www.sway.com

wus-004.www.sway.com

wus-005.www.sway.com

wus-006.www.sway.com

wus-007.www.sway.com

wus-008.www.sway.com

wus-009.www.sway.com

wus-00a.www.sway.com

wus-00b.www.sway.com

wus-00c.www.sway.com

wus-00d.www.sway.com

wus-00e.www.sway.com

None

See table below

TCP 443

Required: Sway

logged on user

Client Computer

Ephemeral ports

No

eus-www.sway-cdn.com

wus-www.sway-cdn.com

eus-www.sway-extensions.com

wus-www.sway-extensions.com

Akamai

IP addresses not provided

TCP 443

Optional: Sway website analytics

Logged on user

Client Computer

Ephemeral ports

No

c.microsoft.com c1.microsoft.com

prod.msocdn.com

www.google-analytics.com

None

IP addresses not provided

TCP 443

Optional: Sway third party content

Logged on user

Client Computer

Ephemeral ports

No

Access to third party content such as Bing, Flickr, and so on.

None

IP addresses not provided

TCP 443

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Office 365 portal and identity | Planner)

(Back to top)

Sway IP Ranges

Sway IPv4 Addresses

Well known certificate root FQDNs

40.76.22.51
40.76.30.255
40.76.213.143
40.76.216.125
40.76.221.181
40.76.222.175
40.83.185.108
40.114.8.214
40.114.14.121
40.114.15.142
40.114.45.182
40.114.40.12
40.114.51.204
40.114.51.239
40.118.210.94
40.112.188.120
40.118.131.134
40.118.135.86
40.118.131.27
40.118.209.10
104.41.155.129
104.210.43.160
137.135.51.71
137.135.52.204
138.91.155.70
138.91.159.117
138.91.160.172
138.91.245.66
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Office 365 portal and identity | Planner)

Planner

This list of URLs and IPv4 IP subnet is the current list required for Planner.

Purpose

Source / Credentials

Source Port

Destination

CDN Provider(s)

Destination IP

Destination Port

Required: Authentication

See Office 365 portal and identity

Required: Portal

See Office 365 portal and identity

Required: Planner

Browser/ authenticated user

Ephemeral ports

tasks.office.com

controls.office.com

cus-000.tasks.osi.office.net

ea-000.tasks.osi.office.net

eus-zzz.tasks.osi.office.net

neu-000.tasks.osi.office.net

sea-000.tasks.osi.office.net

weu-000.tasks.osi.office.net

wus-000.tasks.osi.office.net

www.outlook.com

outlook.office365.com

clientlog.portal.office.com

None

See table below.

TCP 443

Required: Planner CDNs

Browser/ authenticated user

Ephemeral ports

ajax.aspnetcdn.com

prod.msocdn.com

Akamai

IP addresses not provided

TCP 443

Required: Certificate revocation lists

Browser/ authenticated user

Ephemeral ports

See well known certificate root CRLs in the table below.

None

IP addresses not provided

TCP 80 & 443

Planner IP Ranges

Planner IPv4 Addresses

Well known certificate root FQDNs

65.52.168.35
137.116.129.218
137.135.177.165
168.61.184.237
168.62.4.34
168.62.60.117
168.63.98.5
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Office 365 portal and identity)

Office for iPad

This is the current list of Office for iPad URLs. If you’re using allow lists to filter iPad connectivity differently than other computers on your network, you can use just this list of URLs to create those allow lists.

Office for iPad URLs

directory.services.live.com
odc.officeapps.live.com
docs.live.net
roaming.officeapps.live.com
nexus.officeapps.live.com
sqm.microsoft.com
watson.telemetry.microsoft.com
login.live.com
wer.microsoft.com         
microsoft-my.sharepoint.com
login.microsoftonline.com
ms.tific.com
msft.sts.microsoft.com
p100-sandbox.itunes.apple.com
signup.live.com
auth.gfx.ms
view.atdmt.com
client.hip.live.com
dc2.client.hip.live.com
c.live.com
go.microsoft.com
office.microsoft.com
officeimg.vo.msecnd.net
m.webtrends.com
account.live.com
c.bing.com
partnerservices.getmicrosoftkey.com
client.hip.live.com
clientconfig.microsoftonline-p.net
cl2.apple.com
sas.office.microsoft.com
foodanddrink.services.appex.bing.com
en-US.appex-rf.msn.com
weather.tile.appex.bing.com

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner | Office 365 portal and identity)

Office Mobile

This is the current list of Office Mobile URLs. Office Mobile runs on Android devices, Windows Phones, and iPhones. If you’re filtering your mobile connectivity differently than other computers on your network, you can use just this list of URLs to create those allow lists.

Office Mobile URLs

office15client.microsoft.com
odc.officeapps.live.com
go.microsoft.com
login.microsoftonline.com
msft.sts.microsoft.com
odcsm.officeapps.live.com
microsoft-my.sharepoint.com
ms.tific.com
roaming.officeapps.live.com
o15.officeredir.microsoft.com
office.microsoft.com
officeimg.vo.msecnd.net
m.webtrends.com
d.docs.live.net
login.live.com
auth.gfx.ms
wer.microsoft.com
*.appex.bing.com
*.appex-rf.msn.com
appexsin.stb.s-msn.com

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Yammer | Sway | Planner | Office 365 portal and identity)

Applies To: Office 365 Admin, Office 2016 for Mac



Was this information helpful?

Yes No

How can we improve it?

255 characters remaining

To protect your privacy, please do not include contact information in your feedback. Review our privacy policy.

Thank you for your feedback!

Change language