Office 365 URLs and IP address ranges

Summary   : This reference article lists every endpoints used by Office 365. If your organization restricts computers on your network from connecting to the Internet, this article lists the endpoints (FQDNs, Ports, URLs, IPv4, and IPv6 address ranges) that you should include in your outbound allow lists to ensure your computers can successfully use Office 365. If you are using Office 365 operated by 21Vianet in China, see URLs and IP address ranges for Office 365 operated by 21Vianet.

Subscribe via RSS RSS to receive notice when URLs and IP addresses are changed. This reference article lists the endpoints for Office 365. Filtering internet traffic requires advanced networking knowledge and isn't suitable for all customers. Additional resources for planning your network connectivity include Office 365 network traffic management, Content delivery networks, and Client connectivity,.

Download the XML file for a pure list of the endpoints organized by application.

Warning   IP addresses filtering alone isn’t a complete solution due to dependencies on Content Delivery Networks (CDNs). The following are some of the reasons to use either FQDNs only or a combination of FQDNs and IP addresses:

  • Some clients such as the Office 365 admin portal or Outlook Web App won’t be able to authenticate without contacting CDNs.

  • CDN, CRL, and other partners don't publish IP addresses.

  • New Office 365 infrastructure won’t become instantly available to client computers.

  • Some firewall providers and security policies don't allow for wildcards.

  • Updates will be required as frequently as weekly.

  • Future non-web based clients may not be able to authenticate.

  • There will be more emergency or retroactive updates.

Tip   If IP address filtering is your only option at the firewall, an automatic proxy configuration file can be used to route the destinations marked below as CDNs through an alternate path, such as through an outbound proxy. See Office 365 network traffic management for help with more complex routing configurations.

Most changes are made 14-30 days ahead of the endpoint being used. We understand that emergency changes with less notice are difficult to manage and strive to make these infrequently. If possible, use FQDN filtering instead of IP filtering to reduce the impact of emergency changes. Subscribe to the RSS feed to have notifications pushed to you. Here is how to subscribe via Outlook or you can have the RSS feed updates emailed to you.

Some of our services do overlap with one another and you will notice the overlap or duplication in the lists of endpoints. There is also some domain name overlapping with our consumer services; while the root domain name is the same, Office 365 operates from a separate sub-domain. If you’re going to add IP addresses to your allow lists, keep in mind that IPv6 is optional and not required. We provide it here for customers who wish to use IPv6.

Office 365 portal and shared

The endpoints listed in this section are only to support the portal and shared services portion of Office 365. You’ll want to add these along with the endpoints for each of the workloads you’re deploying on your network.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Office 365 Portal

Client Computer | Logged on user

*.office365.com

See row three

No

Portal and shared IP ranges.

TCP 443

2

Required: Office 365 Portal

Client Computer | Logged on user

Home.Office.com

Portal.Office.com

agent.office.net

www.office.com

outlook.office365.com

See row three

Yes

Portal and shared IP ranges.

TCP 443

3

Required: CDNs used for portal and shared

Client Computer | Logged on user

Prod.msocdn.com

appsforoffice.microsoft.com

Microsoft and Akamai

No

N/A

TCP 443

4

Required: Shared infrastructure

Client Computer | Logged on user

Clientlog.portal.office.com

Nexus.officeapps.live.com

Various

No

Portal and shared IP ranges.

TCP 443

5

Required: Certificate revocation lists

Client Computer | Logged on user

See well known certificate root CRLs in the table below.

No

No

N/A

TCP 80 & 443

6

Required: Some Office 365 features require endpoints within these domains.

Client Computer | Logged on user

*.onmicrosoft.com

*.microsoft.com

*.office.com

*.msedge.net

*.office.net

*.live.com

*.msocdn.com

No

No

N/A

TCP 443

7

Optional: Shared help and support

Client Computer | Logged on user

support.office.com

products.office.com

technet.microsoft.com

Various

No

N/A

TCP 80 & 443

8

Optional: Deprecated FQDNs

Client Computer | Logged on user

*.glbdns.microsoft.com

No

No

N/A

TCP 80 & 443

9

Optional: Azure Rights Management

Client Computer | Logged on user

*.aadrm.com

*.azurerms.com

No

No

N/A

TCP 443

*.cloudapp.net2

No

No

N/A

TCP 443

10

Optional: Microsoft Azure Active Directory RemoteApp

Client Computer | Logged on user

dc.services.visualstudio.com

liverdcxstorage.blob.core.windowsazure.com

telemetry.remoteapp.windowsazure.com

vortex.data.microsoft.com

www.remoteapp.windowsazure.com

No

No3

N/A

TCP 443

11

Optional: Office 365 Management Pack for Operations Manager

Customer Operations Manager environment | Machine1 Account

office365servicehealthcommunications.cloudapp.net

No

No3

N/A

TCP 443

1Keep in mind that Machine accounts won’t work with proxies that require outbound authentication.

2Azure Rights Management Office 2010 Clients Only.

3 These services accessibility over ExpressRoute is determined by the Azure ExpressRoute subscription.

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Network card (NIC)

Expand to see the Portal and shared IP ranges

Note: ExpressRoute for Office 365 currently does not support IPv6

Office 365 IPv4 Addresses for ER available services

Office 365 IPv4 Addresses for non-ER available services

Office 365 IPv6 Addresses

Certificate Revocation List (Root URLs)

13.107.6.156
13.107.6.157
13.107.6.160
13.107.7.156
13.107.7.190
13.107.7.191
13.107.9.156
13.107.9.157
13.107.9.160
23.97.66.55
65.52.240.200
65.54.80.0/20
65.55.239.168
94.245.117.53
111.221.104.43
111.221.16.0/21
134.170.0.0/16
157.55.59.128/25
157.55.130.0/25
157.55.145.0/25
157.55.155.0/25
157.55.194.46
157.55.227.192/26
168.63.92.133
191.238.160.173
207.46.73.250
207.46.216.54
213.199.128.119
13.76.218.117
13.76.219.191
13.76.219.210
23.96.240.104
23.96.241.205
23.97.61.137
23.97.150.21
23.97.152.190
23.97.209.97
23.99.109.44
23.99.109.64
23.99.116.116
23.99.121.207
23.100.86.91
23.101.14.229
23.101.30.126
23.102.4.253
23.102.155.140
40.83.189.49
40.113.8.255
40.113.10.78
40.113.11.93
40.113.14.159
40.117.144.240
40.117.151.29
40.118.255.5
40.121.144.182
40.122.131.63
40.122.168.103
40.124.9.212
65.52.26.28
65.52.144.46
65.52.148.27
65.52.160.218
65.52.176.72
65.52.176.186
65.52.184.75
65.52.192.203
65.52.196.64
65.52.219.207
70.37.96.155
70.37.97.234
94.245.88.28
94.245.108.85
104.41.207.73
104.42.231.54
104.43.140.223
104.45.11.195
104.46.1.211
104.46.38.64
104.46.50.125
104.209.190.8
104.210.4.77
104.210.40.87
104.210.212.243
104.214.35.244
104.215.146.200
104.215.198.144
111.221.96.149
111.221.111.196
137.116.66.126
137.116.81.187
157.55.177.39
157.55.184.223
157.55.80.94
168.61.146.25
168.61.149.17
168.61.170.80
168.61.172.71
168.62.106.152
168.62.204.209
168.62.29.225
168.62.43.8
168.63.17.108
168.63.18.79
168.63.29.74
168.63.100.61 
168.63.138.56
168.63.172.54
168.63.213.238
191.236.88.160
191.236.155.80
191.237.218.239
191.238.177.236
207.46.134.255
207.46.153.155
2603:1030:800:5::bfee:a0ad
2620:1ec:34::/48
2620:1ec:38d::/48
2620:1ec:4::/48
2620:1ec:5::/48
2620:1ec:6::/48
2620:1ec:7::/48
2620:1ec:a::/48
2620:1ec:a92::/48
2620:1ec:b::/48
2620:1ec:c11::/48
2620:1ec:a92::156
2620:1ec:a92::157
2a01:111:202e::190
2a01:111:202e::191
2a01:111:202e::156
2620:1ec:4::156
2620:1ec:4::157
2620:1ec:a92::160
2620:1ec:4::160
2801:80:1d0:1c00::/64
2a01:111:2003::/48
2a01:111:200a:a::/64
2a01:111:202c::/48
2a01:111:202e::/48
2a01:111:202d::/48
2a01:111:2035:8::/64
2a01:111:f100:1002::4134:d9ee 
2a01:111:f100:1004::4134:f0c8
2a01:111:f100:7000::6fdd:682b
2a01:111:f100:8001::d5c7:8077
2a01:111:f102:8001::1761:4237
2a01:111:f100:a001::a83f:5c85
2a01:111:f406:1::/64
2a01:111:f406:1000::/64
2a01:111:f406:1004::/64
2a01:111:f406:1801::/64
2a01:111:f406:1805::/64
2a01:111:f406:3404::/64
2A01:111:F406:8000::/64
2a01:111:f406:8801::/64
2a01:111:f406:a003::/64
2a01:111:f406:c00::/64
2001:489a:2101:100::/64
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Office 365 authentication and identity

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

If you’re using Active Directory Federation Services (AD FS) with your deployment, you can also use AD FS client access policies with Windows Server 2012 R2 or client access policies with AD FS 2.0 to further restrict and control access to Office 365.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Authentication and identity

Client Computer | Logged on user

Login.microsoftonline.com

Login.windows.net

clientconfig.microsoftonline-p.net

hip.microsoftonline-p.net

*.microsoftonline.com

No

Yes

Authentication and Identity IP ranges

TCP 443

*.windows.net

secure.aadcdn.microsoftonline-p.com

*.microsoftonline-p.com

*.microsoftonline-p.net

No

No

N/A

TCP 443

2

Required: Microsoft Azure Active Directory

Client Computer | Logged on user

*.activedirectory.windowsazure.com

No

No2

N/A

TCP 443

3

Optional: Legacy/temporary FQDNs

Client Computer | Logged on user

*.msecnd.net

*.microsoft.com

Akamai and Microsoft

No

N/A

TCP 443

4

Optional: Microsoft Azure Active Directory (MFA)

Client Computer | Logged on user

*.phonefactor.net

No

No

N/A

TCP 443

5

Optional: DirSync (legacy)

DirSync Server | Machine1 and Service Account

*.microsoftonline.com

Login.windows.net

provisioningapi.microsoftonline.com

adminwebservice.microsoftonline.com

No

Yes

Authentication and Identity IP ranges

TCP 443

mscrl.microsoft.com

No

No

N/A

TCP 80 & 443

6

Optional: Azure AD Connect (recommended)

Azure AD Connect Server | Service Account

*.microsoftonline.com

Login.windows.net

provisioningapi.microsoftonline.com

adminwebservice.microsoftonline.com

No

Yes

Authentication and Identity IP ranges

TCP 443

mscrl.microsoft.com

secure.aadcdn.microsoftonline-p.com

No

No

N/A

TCP 80 & 443

7

Optional: Azure AD Connect (w/SSO option) – WinRM & remote powershell

Client Computer | Service Account

Customer STS environment (AD FS Server and AD FS Proxy) | Ports TCP 80 & 443

No

No

Customer environment

TCP 80 & 443

8

Optional: STS such as AD FS Proxy server(s) (for federated customers only)

Client Computer | N/A

Customer STS (such as AD FS Proxy) | Ports TCP 443 or TCP 49443 w/ClientTLS

No

No

Customer environment

TCP 443 or TCP 49443 w/ClientTLS

9

Optional: AD FS Proxy server(s) (for federated customers only)

Customer AD FS Proxy (WAP) | N/A

Customer AD FS Server (FS) | Port TCP 443

No

No

Customer environment

TCP 443

10

Optional: Azure AD Connect Health

Azure AD Connect Health Server | Service Account

management.azure.com

*.blob.core.windows.net

*.queue.core.windows.net

*.servicebus.windows.net - Port: 5671 (If 5671 is blocked, agent falls back to 443, but using 5671 is recommended.)

*.adhybridhealth.azure.com

*.table.core.windows.net

policykeyservice.dc.ad.msft.net

secure.aadcdn.microsoftonline-p.com

Microsoft

No2

N/A

TCP 443

login.windows.net

login.microsoftonline.com

No

Yes

Authentication and Identity IP ranges

TCP 443

11

Optional: Office 365 Management Pack for Operations Manager

Customer Operations Manager environment | Machine1 Account

office365servicehealthcommunications.cloudapp.net

No

No2

N/A

TCP 443

1Keep in mind that Machine accounts won’t work with proxies that require outbound authentication.

2 These services accessibility over ExpressRoute is determined by the Azure ExpressRoute subscription

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Network card (NIC)

Expand to see the Authentication and Identity IP ranges

Note: ExpressRoute for Office 365 currently does not support IPv6

Office 365 IPv4 Addresses for ER available services

Office 365 IPv6 Addresses

23.96.208.238
23.97.64.252
23.97.66.110
23.97.68.113
23.97.70.147
23.97.72.158
23.97.72.161
23.97.72.165
23.97.98.128
23.97.99.4
23.97.100.76
23.97.100.92
23.97.100.105
23.97.100.152
23.97.103.118
23.97.145.9
23.97.148.36
23.97.148.228
23.98.66.168
23.98.69.116
23.98.70.90
23.99.128.120
23.99.129.26
23.99.129.173
23.99.193.105
23.99.194.77
23.99.196.232
23.99.226.167
23.99.227.124
23.101.19.99
23.101.25.224
23.101.178.227
23.101.187.91
23.102.64.138
23.102.64.255
23.102.65.203
23.102.65.221
40.115.48.147
40.115.52.169
40.115.54.162
40.115.54.55
40.115.55.208
65.52.64.61
65.52.64.230
65.52.136.224
65.52.144.125
65.52.228.75
65.52.228.99
65.52.228.100
65.52.232.52
65.52.233.128
65.52.236.160
65.52.240.73
65.52.244.66
65.54.54.32/27
65.54.55.201
65.54.74.0/23
65.54.165.0/25
65.54.170.128/25
65.55.86.0/23
65.55.233.0/27
70.37.56.152
70.37.128.0/23
70.37.142.0/23
70.37.150.128/25
70.37.159.0/24
70.37.160.72
70.37.160.202
94.245.68.0/22
94.245.82.0/23
94.245.84.0/24
94.245.86.0/24
94.245.88.223
94.245.88.194
104.41.1.233
104.44.218.128/25
104.47.143.47
104.47.146.37
104.211.98.2
104.211.98.6
104.211.98.138
104.211.98.146
104.211.98.194
104.211.98.246
104.211.99.88
104.211.99.127
104.211.99.181
104.211.99.236
104.211.100.160
104.211.100.170
104.211.100.196
104.211.100.204
104.211.102.225
104.211.160.36
104.211.161.31
104.211.161.69
104.211.161.150
104.211.161.165
104.211.161.170
104.211.161.171
104.211.161.185
104.211.162.33
104.211.162.51
104.211.162.180
104.211.165.35
104.211.166.139
104.211.164.26
104.211.165.64
104.211.224.71
104.211.224.118
104.211.225.135
104.211.225.215
104.211.226.231
104.211.226.240
104.211.227.110
104.211.227.238
104.211.229.0
104.211.230.178
104.211.230.245
104.211.231.218
104.211.231.219
104.211.231.147
104.211.231.248
111.221.24.0/21
111.221.70.0/25
111.221.71.0/25
111.221.127.112/28
131.253.120.128
132.245.0.0/16
137.135.47.6
137.135.47.4
137.135.47.28
137.116.32.61
137.116.32.101
137.116.48.66
137.116.48.69
137.116.49.27
137.116.64.162
137.116.80.106
137.116.200.108
137.116.242.169
137.117.99.175
137.117.103.21
137.135.42.195
137.135.43.100
137.135.44.73
137.135.48.128
138.91.1.59
138.91.2.208
138.91.2.210
138.91.2.212
138.91.17.43
138.91.17.108
138.91.18.52
138.91.56.78
138.91.56.97
138.91.58.210
138.91.59.239
138.91.59.78
138.91.60.177
138.91.61.153
138.91.61.35
157.55.45.128/25
157.55.59.128/25
157.55.80.175
157.55.80.182
157.55.84.19
157.55.84.237
157.55.130.0/25
157.55.161.59
157.55.161.75
157.55.168.18
157.55.176.63
157.55.185.100
157.55.208.58
157.55.208.198
157.55.208.218
157.55.252.101
157.56.0.0/16
157.56.8.78
157.56.28.192
168.61.32.214
168.61.35.252
168.61.36.121
168.61.37.63
168.61.38.105
168.61.82.81
168.61.85.180
168.62.4.28
168.62.11.24
168.62.11.117
168.62.16.112
168.62.16.140
168.62.16.149
168.62.16.252
168.62.24.38
168.62.24.104
168.62.24.114
168.62.24.150
168.62.41.25
168.62.42.89
168.62.52.198
168.62.52.203
168.62.56.108
168.62.60.71
168.62.60.80
168.62.104.146
168.62.105.126
168.62.105.217
168.62.176.34
168.62.179.4
168.62.180.151
168.63.16.112
168.63.16.114
168.63.17.221
168.63.25.227
168.63.27.2
168.63.166.200
168.63.165.67
168.63.164.177
168.63.208.73
168.63.214.35
168.63.250.173
168.63.252.39
191.232.2.128/25
191.233.37.141
191.234.6.0/24
191.235.135.139
191.235.135.222
191.236.192.179
191.238.80.160
191.238.80.241
191.238.81.69
191.238.83.220
191.239.64.124
191.239.64.125
191.239.64.129
191.239.64.130
191.239.64.131
191.239.64.132
191.239.64.133
191.239.64.134
191.239.160.4
191.239.160.93
191.239.160.143
191.239.160.140
191.239.160.144
191.239.160.145
191.239.160.141
191.239.160.142
207.46.57.128/25
207.46.70.0/24
207.46.206.0/23
213.199.128.58
213.199.128.91
213.199.132.97
213.199.148.0/23
2a01:111:f400::/48

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Exchange Online

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Authentication and identity

See Office 365 authentication and identity

2

Required: Portal and shared

See Office 365 portal and shared

3

Required: Exchange Online Protection

See Exchange Online Protection (EOP)

4

Required: Client SMTP Relay

Client Computer | Logged on user

smtp.office365.com

No

Yes

Exchange Online IP ranges.

TCP 587

5

Required: Exchange Online

Client Computer | Logged on user

outlook.office365.com

*.outlook.office.com

No

Yes

Exchange Online IP ranges.

TCP 443

6

Required: Exchange Online

Client Computer | Logged on user

*.outlook.com

No

No

Exchange Online IP ranges.

TCP 443

7

Required: Exchange Online

Client Computer | Logged on user

xsi.outlook.com

r1.res.office365.com

r3.res.office365.com

r4.res.office365.com

Akamai

No

N/A

TCP 443

8

Optional: Exchange Hybrid Only

Existing Exchange Client Access Servers and Mailbox Servers | Machine account1

outlook.office365.com

*.outlook.office.com

No

Yes

Exchange Online IP ranges.

TCP 443

9

Optional: Exchange Hybrid Co-existence

Exchange Online IP ranges | N/A

Customer on-premise Exchange

No

Yes

Customer IP

TCP 443

10

Optional: Exchange Hybrid Proxy Authentication

Exchange Online IP ranges | N/A

Customer on-premise STS

No

Yes

Customer IP

TCP 443

11

Optional: Used to configure Exchange Hybrid, using the Exchange Hybrid Configuration Wizard.

Note   These endpoints are only required to configure Exchange hybrid. Rows 8-10 describe the ongoing traffic.

Existing Exchange service | N/A

hybridconfiguration.azurewebsites.net

*.hybridconfiguration.azurewebsites.net

*.Blob.core.Windows.Net

No

No

65.55.39.128/25

65.55.181.128/25

207.46.150.128/25

207.46.164.0/24

207.46.203.128/26

TCP 443

Domains.live.com2

No

Yes

65.55.79.128/25

TCP 443

12

Optional: Exchange Online IMAP4 migration

IMAP4 Service | N/A

outlook.office365.com

*.outlook.office.com

No

Yes

Exchange Online IP ranges.

TCP 143/993

13

Optional: Exchange Online POP3 migration

POP3 Service | N/A

outlook.office365.com

*.outlook.office.com

No

Yes

Exchange Online IP ranges.

TCP 995

14

Optional: All other Exchange Online migration tools

Existing Exchange service (EWS or MRS) | N/A

outlook.office365.com

*.outlook.office.com

No

Yes

Exchange Online IP ranges.

TCP 443

15

Optional: Required for Delve

Client Computer | Logged on user

Delve.office.com

No

No

Exchange Online IP ranges.

TCP 443

16

Optional: Required for Delve

Client Computer | Logged on user

r3.res.outlook.com

Akamai

No

N/A

TCP 443

1Keep in mind that Machine accounts won’t work with proxies that require outbound authentication.

2 Only required for Exchange 2010 SP3 Hybrid Configuration Wizard.

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Network card (NIC)

Expand to see the Exchange Online IP Addresses

Note: ExpressRoute for Office 365 currently does not support IPv6

Exchange Online IPv4 Addresses for ER available services

Exchange Online IPv6 Addresses

13.107.6.152
13.107.6.153
13.107.9.152
13.107.9.153
23.103.160.0/20
23.103.224.0/19
40.96.0.0/16
40.97.0.0/16
40.98.0.0/16
40.99.0.0/16
40.100.0.0/16
40.101.0.0/16
40.102.0.0/16
40.103.0.0/16
40.104.0.0/16
40.105.0.0/16
65.54.62.0/25
65.55.39.128/25
65.55.78.128/25
65.55.79.128/25
65.55.94.0/25
65.55.113.64/26
65.55.126.0/25
65.55.174.0/25
65.55.181.128/25
70.37.151.128/25
94.245.117.128/25
111.221.23.128/25
111.221.66.0/25
111.221.69.128/25
111.221.112.0/21
131.253.33.215
132.245.0.0/16
134.170.68.0/23
191.234.192.0/19
157.55.9.128/25
157.55.11.0/25
157.55.47.0/24
157.55.49.0/24
157.55.61.0/24
157.55.157.128/25
157.55.224.128/25
157.55.225.0/25
157.56.0.0/16
191.234.6.152
191.234.140.0/22
191.234.224.0/22
204.79.197.215
206.191.224.0/19
207.46.4.128/25
207.46.58.128/25
207.46.150.128/25
207.46.164.0/24
207.46.198.0/25
207.46.203.128/26
213.199.174.0/25
213.199.177.0/26
2a01:111:f400::/48
2620:1ec:a92::152
2620:1ec:4::152
2620:1ec:a92::153
2620:1ec:4::153

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Skype for Business Online

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Authentication and identity

See Office 365 authentication and identity

2

Required: Portal and shared

See Office 365 portal and shared

3

Required: SIP signaling

Client Computer | Logged on user

*.Lync.com

No

Yes

Skype for Business IP ranges.

TCP 443

4

Required: Persistent Shared Object Model (PSOM) connections web conferencing

Client Computer | Logged on user

*.Lync.com

No

Yes

Skype for Business IP ranges.

TCP 443

5

Required: HTTPS downloads

Client Computer | Logged on user

*.Lync.com

No

Yes

Skype for Business IP ranges.

TCP 443

6

Required: Audio

Client Computer | Logged on user

*.Lync.com

No

Yes

Skype for Business IP ranges.

TCP 443, UDP 3478, TCP/UDP 50,000-59,999

7

Required: Video

Client Computer | Logged on user

*.Lync.com

No

Yes

Skype for Business IP ranges.

TCP 443, UDP 3478, TCP/UDP 50,000-59,999

8

Required: Desktop sharing

Client Computer | Logged on user

*.Lync.com

No

Yes

Skype for Business IP ranges.

TCP 443, TCP 50,000-59,999

9

Required: Lync Mobile push notifications for Lync Mobile 2010 on iOS devices. You don't need this for Android, Nokia Symbian or Windows Phone mobile devices.

Client Computer | Logged on user

*.Lync.com

No

Yes

Skype for Business IP ranges.

TCP 5223

10

Required: Skype Telemetry

Client Computer | Logged on user

skypemaprdsitus.trafficmanager.net

pipe.skype.com

No

No

N/A.

TCP 443

11

Required: Skype client quicktips

Client Computer | Logged on user

quicktips.skypeforbusiness.com

No

No

N/A.

TCP 443

To use Skype Meeting Broadcast, the following endpoints need to be accessible to client computers.

Row

Purpose

Source |Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: For all Skype functionality, the entries are labeled "required".

See Skype for Business Online for all of the URLs and IP address ranges.

2

Required: Skype Meeting Broadcast

Client computer / logged on user

broadcast.skype.com

*.broadcast.skype.com

*.infra.lync.com

None

No

N/A

TCP 443

3

Required: Skype Meeting Broadcast

Client computer / logged on user

aka.ms

None

No

N/A

TCP 80 & 443

*.microsoftonline.com

None

Yes

Authentication and Identity IP ranges

TCP 443

Note   The wildcard for Lync.com and broadcast.skype.com represents a long list of nodes that are exclusively used for Office 365.

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Network card (NIC)

Expand to see the Skype for Business Online IP Addresses

Note: ExpressRoute for Office 365 currently does not support IPv6

Skype for Business Online IPv4 Addresses for ER available services

Skype for Business Online IPv6 Addresses

23.103.128.0/25
23.103.128.128/25
23.103.129.0/25
23.103.129.128/25
23.103.130.0/26
23.103.130.64/26
23.103.130.128/26
23.103.130.192/26
23.103.176.128/26
23.103.176.192/27
23.103.178.128/26
23.103.178.192/27
40.110.0.0/16
65.55.121.128/27
65.55.127.0/24
66.119.157.0/25
66.119.157.160/27
66.119.157.192/26
66.119.158.0/25
111.221.17.128/27
111.221.22.64/26
111.221.76.96/27
111.221.76.128/25
111.221.77.0/26
111.221.122.192/26
131.253.128.0/25
131.253.128.128/25
131.253.129.0/25
131.253.129.128/26
131.253.129.143
131.253.130.0/25
131.253.130.128/26
131.253.130.192/26
131.253.131.0/25
131.253.131.128/26
131.253.132.0/25
131.253.134.0/25
131.253.136.0/25
131.253.136.128/25
131.253.137.0/25
131.253.138.128/25
131.253.140.0/25
131.253.140.128/25
131.253.141.0/25
131.253.141.128/25
131.253.142.128/25
131.253.160.0/26
131.253.160.128/26
131.253.160.64/26
131.253.161.128/26
131.253.161.192/26
131.253.162.0/26
131.253.162.64/26
131.253.162.128/26
131.253.162.192/26
131.253.163.0/26
131.253.163.64/26
131.253.164.0/26
131.253.165.0/26
131.253.178.0/27
131.253.178.64/27
131.253.178.96/27
131.253.178.128/27
131.253.178.160/27
132.245.0.0/24
132.245.1.0/25
132.245.112.0/24
132.245.113.0/25
132.245.128.0/24
132.245.129.0/25
132.245.161.0/24
132.245.162.0/25
132.245.192.0/24
132.245.193.0/25
132.245.208.0/24
132.245.209.0/25
134.170.0.0/25
134.170.53.32/27
134.170.54.0/26
134.170.54.128/25
134.170.58.224/27
134.170.113.192/26
134.170.115.0/27
134.170.115.128/25
134.170.119.224/27
157.55.40.128/25
157.55.46.0/27
157.55.46.64/26
157.55.229.128/27
157.55.232.128/26
157.55.238.0/25
157.56.135.64/26
157.56.135.160/27
157.56.184.224/27
157.56.185.0/26
191.232.80.96/27
191.232.83.0/27
191.232.83.32/27
191.232.83.64/27
207.46.5.0/24
207.46.7.128/27
207.46.57.0/25
2a01:111:2007:3::/64
2a01:111:2007:4::/64
2a01:111:200f:6::/64
2a01:111:200f:7::/64 
2a01:111:200f:8::/64
2a01:111:200f:9::/64
2a01:111:2012:2::/64 
2a01:111:2012:3::/64
2a01:111:2012:4::/64
2a01:111:2012:5::/64
2a01:111:2012:6::/64
2a01:111:2012:7::/64
2a01:111:202a:2::/64
2a01:111:202a:3::/64
2a01:111:202b:3::/64
2a01:111:202b:4::/64
2a01:111:202b:9::/64
2a01:111:202b:a::/64
2a01:111:2034:2::/64
2a01:111:2034:3::/64
2a01:111:2035:6::/64
2a01:111:2035:7::/64
2a01:111:2036:2::/64
2a01:111:2036:3::/64
2a01:111:203e:1::/64
2a01:111:203e:2::/64
2a01:111:2040:1::/64
2a01:111:2040:2::/64
2a01:111:2046:4::/64
2a01:111:2046:5::/64
2a01:111:2a:7::/6
2a01:111:2a:8::/64
2a01:111:f402:5802::/64
2a01:111:f402:5803::/64
2a01:111:f402:5805::/64
2a01:111:f404:0c06::/64
2a01:111:f404:0c07::/64
2a01:111:f404:0c09::/64
2a01:111:f404:0c0a::/64
2a01:111:f404:3400::/64
2a01:111:f404:3401::/64
2a01:111:f404:8002::/64
2a01:111:f404:8003::/64
2a01:111:f404:9400::/64
2a01:111:f404:9401::/64
2a01:111:f404:a000::/64
2a01:111:f404:a001::/64
2a01:111:f404:a800::/64
2a01:111:f404:a801::/64
2a01:111:f404:c0b::/64
2a01:111:f404:c0c::/64
2a01:111:f406:2400::/64
2a01:111:f406:2401::/64
2a01:111:f406:402::/64
2a01:111:f406:403::/64

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

SharePoint Online

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

This list also applies to many of the new applications that are dependent on SharePoint Online, such as Power BI (included with Office 365), Project Online, and Office 365 Video. The Yammer endpoints are listed separately.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Authentication and identity

See Office 365 authentication and identity

2

Required: Portal and shared

See Office 365 portal and shared

3

Required: SharePoint Online and associated applications

Client Computer | Logged on user

*.sharepoint.com

<tenant>.sharepoint.com

<tenant>-my.sharepoint.com

No

Yes

SharePoint Online IP Ranges.

TCP 443

4

Required: SharePoint Online Explorer View

Note   These are the only two FQDNs that need to be added to the IE Trusted Sites zone for Explorer View to function, other Office 365 services may not function with these FQDNs in the IE Trusted Sites zone.

Client Computer | Logged on user

<tenant>-files.sharepoint.com

<tenant>-myfiles.sharepoint.com

No

Yes

SharePoint Online IP Ranges.

TCP 443

5

Required: CDNs for SharePoint Online and associated applications

Client Computer | Logged on user

*.sharepointonline.com

Cdn.sharepointonline.com

Static.sharepointonline.com

Prod.msocdn.com

Microsoft & Akamai

No

N/A

TCP 443

6

Required: SharePoint Online inbound mail

SharePoint Online IP Ranges | N/A

Customer environment

No

Yes

Customer environment

TCP 25

7

Optional: Required for Office 365 Video

Client Computer | Logged on user

cvprbl201m01.keydelivery.mediaservices.windows.net

cvprbl202m01.keydelivery.mediaservices.windows.net

cvprbl203m01.keydelivery.mediaservices.windows.net

cvprby101m01.keydelivery.mediaservices.windows.net

cvprby102m01.keydelivery.mediaservices.windows.net

cvprby103m01.keydelivery.mediaservices.windows.net

cvpram201m01.keydelivery.mediaservices.windows.net

cvpram202m01.keydelivery.mediaservices.windows.net

cvpram203m01.keydelivery.mediaservices.windows.net

cvprdb301m01.keydelivery.mediaservices.windows.net

cvprdb302m01.keydelivery.mediaservices.windows.net

cvprdb303m01.keydelivery.mediaservices.windows.net

cvprsg101m01.keydelivery.mediaservices.windows.net

cvprsg102m01.keydelivery.mediaservices.windows.net

cvprhkn01m01.keydelivery.mediaservices.windows.net

cvprhkn02m01.keydelivery.mediaservices.windows.net

cvpros101m01.keydelivery.mediaservices.windows.net

cvpros102m01.keydelivery.mediaservices.windows.net

cvprkw101m01.keydelivery.mediaservices.windows.net

cvprkw102m01.keydelivery.mediaservices.windows.net

cvpraueas101m01.keydelivery.mediaservices.windows.net

cvprausoe101m01.keydelivery.mediaservices.windows.net

cvprinwe101m01.keydelivery.mediaservices.windows.net

cvprinso101m02.keydelivery.mediaservices.windows.net

cvpreus01m01.keydelivery.mediaservices.windows.net

cvprbl201m01.streaming.mediaservices.windows.net

cvprbl202m01.streaming.mediaservices.windows.net

cvprbl203m01.streaming.mediaservices.windows.net

cvprby101m01.streaming.mediaservices.windows.net

cvprby102m01.streaming.mediaservices.windows.net

cvprby103m01.streaming.mediaservices.windows.net

cvpram201m01.streaming.mediaservices.windows.net

cvpram202m01.streaming.mediaservices.windows.net

cvpram203m01.streaming.mediaservices.windows.net

cvprdb301m01.streaming.mediaservices.windows.net

cvprdb302m01.streaming.mediaservices.windows.net

cvprdb303m01.streaming.mediaservices.windows.net

cvprsg101m01.streaming.mediaservices.windows.net

cvprsg102m01.streaming.mediaservices.windows.net

cvprhkn01m01.streaming.mediaservices.windows.net

cvprhkn02m01.streaming.mediaservices.windows.net

cvpros101m01.streaming.mediaservices.windows.net

cvpros102m01.streaming.mediaservices.windows.net

cvprkw101m01.streaming.mediaservices.windows.net

cvprkw102m01.streaming.mediaservices.windows.net

cvpraueas101m01.streaming.mediaservices.windows.net

cvprausoe101m01.streaming.mediaservices.windows.net

cvprinwe101m01.streaming.mediaservices.windows.net

cvprinso101m02.streaming.mediaservices.windows.net

cvpreus01m01.streaming.mediaservices.windows.net

Azure Media Services

No

N/A

TCP 443

8

Optional: Required for Office 365 Video

Client Computer | Logged on user

ajax.aspnetcdn.com

Azure Media Services

No

N/A

TCP 443

9

Optional: Required for Office 365 Video

Client Computer | Logged on user

r3.res.outlook.com

Akamai

No

N/A

TCP 443

10

Optional: Required for Office 365 Video and/or OneDrive for Business

Client Computer | Logged on user

Spoprod-a.akamaihd.net

Akamai

No

N/A

TCP 443

11

Optional: Required for OneNote notebooks

OneNote | Logged on user

www.onenote.com

No

No

N/A

TCP 443

12

Optional: Required for OneNote notebooks

OneNote | Logged on user

cdn.onenote.net

Akamai

No

N/A

TCP 443

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Network card (NIC)

Expand to see the SharePoint Online IP Addresses

Note: ExpressRoute for Office 365 currently does not support IPv6

SharePoint Online IPv4 Addresses for ER available services

SharePoint Online IPv6 Addresses

13.69.155.226
13.107.6.150
13.107.9.150
23.99.92.12
23.101.62.52
40.76.209.44
40.108.0.0/16
40.109.0.0/16
42.159.34.0/27
42.159.38.0/23
42.159.162.0/27
42.159.166.0/23
65.52.45.0/24
65.55.22.32/27
70.37.151.64/27
94.245.113.160/27
104.40.218.86
104.46.43.8
104.146.0.0/15
104.209.130.88
111.221.17.160/27
111.221.20.128/25
111.221.22.32/27
111.221.22.192/27
111.221.64.160/27
111.221.67.0/25
134.170.200.0/21
134.170.208.0/21
134.177.0.0/16
137.116.50.49
138.91.247.166
157.55.43.32/27
157.55.46.128/27
157.55.56.0/27
157.55.62.96/27
157.55.62.128/27
157.55.103.0/27
157.55.144.64/26
157.55.145.192/27
157.55.147.0/27
157.55.151.192/27
157.55.152.128/25
157.55.153.0/27
157.55.153.64/26
157.55.154.64/27
157.55.225.160/27
157.55.225.224/27
157.55.227.128/27
157.55.229.0/25
157.55.229.160/27
157.55.231.32/27
157.55.232.0/27
157.55.235.64/27
157.55.238.128/27
157.56.24.128/27
157.56.48.0/27
157.56.80.128/27
157.56.81.192/26
157.56.113.0/27
157.56.132.128/26
157.56.150.32/27
168.61.25.60
191.232.0.0/23
191.234.8.0/21
191.234.76.0/23
191.234.128.0/21
191.234.144.0/20
191.234.148.0/22
191.234.152.0/23
191.234.192.0/19
191.234.208.0/23
191.235.0.0/20
207.46.203.128/27
213.199.179.0/27
2620:1ec:a92::150
2620:1ec:4::150
2a01:111:f402::/48
2801:80:1d0:1400::/54

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Exchange Online Protection (EOP)

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

Row

Purpose

Source | Credentials

Source Port

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Authentication and identity

See Office 365 authentication and identity

2

Required: EOP

Client Computer | Logged on user

TCP 80 & 443

*.protection.outlook.com

No

Yes

See Exchange Online Protection IP Addresses

TCP 80 & 443

3

Required: Send email

Existing email environment | N/A

TCP 25

<customer domain-key>.mail.protection.outlook.com

No

Yes

See Exchange Online Protection IP Addresses

TCP 25

4

Required: Receive email

See Exchange Online Protection IP Addresses | N/A

TCP 25

Existing email environment

No

Yes

See Exchange Online Protection IP Addresses

TCP 25

Note   The wildcard in the first row of the EOP table represents a long list of nodes that are exclusively used for Exchange Online Protection. No other commercial or consumer services use this namespace.

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Office 365 remote analyzer tools

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Initiate connectivity tests.

Web Browser | Logged on user

testconnectivity.microsoft.com

testexchangeconnectivity.com

No

No

Remote Analyzer IP Ranges.

TCP 80 & 443

2

Required: Captcha & support services

Web Browser | Logged on user

client.hip.live.com

wu.client.hip.live.com

support.microsoft.com

No

No

N/A

TCP 80 & 443

3

Required: Execution of the tests selected by the customer.

testconnectivity.microsoft.com | Provided by customer on the testconnectivity website

On-premises systems for email and collaboration.

No

No

Customer IP ranges

80, 443, 25, POP3 on (110, 995, or Custom), IMAP4 on (143, 993, or Custom)

4

Required: Certificate revocation lists

Web Browser | Logged on user

See well known certificate root CRLs in the table below.

No

No

N/A

TCP 80 & 443

(Back to top | Skype for Business Online | Exchange Online | SharePoint Online | Office 365 portal and identity | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Network card (NIC)

Expand to see the Remote Analyzer IP Addresses

Office 365 remote analyzer tools IP Addresses

Well known certificate root FQDNs

13.67.59.89
40.85.91.8
104.208.36.70
134.170.52.122 
134.170.52.123 
134.170.52.124 
157.56.138.141
157.56.138.142
157.56.138.143
crl.microsoft.com 
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
ocsp.msocsp.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Yammer

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Authentication and identity

See Office 365 authentication and identity

2

Required: Portal and shared

See Office 365 portal and shared

3

Required: Yammer

Client Computer | Logged on user

*.yammer.com

*.yammerusercontent.com

No

No

Yammer IP Ranges.

TCP 443

4

Required: Yammer

Client Computer | Logged on user

*.assets-yammer.com

Varies

No

N/A

TCP 443

5

Optional: Document, video, & image storage/rendering

Client Computer | Logged on user

ajax.googleapis.com

*.cloudfront.net

No

No

N/A

TCP 443

Note   The wildcard for yammer.com represents a long list of nodes that are exclusively used for Office 365.

(Back to top | Skype for Business Online | Exchange Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 ProPlus | Office Online | Office 365 portal and identity | Sway | Planner)

Network card (NIC)

Expand to see the Yammer IP Addresses

Office 365 ProPlus

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

If you’re interested in bypassing the CDN for your deployment, you can build an internal installation point.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: This url is needed to renew the product key approximately every 30 days

Office client only | Local system

activation.sls.microsoft.com

No

No

N/A

TCP 443

2

Required: This URL is required to validate certificates during activation

Office client only | Local system

crl.microsoft.com

No

No

N/A

TCP 80 & 443

3

Required: Required for identity and configuration services

Office client only | Local system

odc.officeapps.live.com

Microsoft & Akamai

No

Office 365 ProPlus IP Ranges and CDN IP addresses not provided.

TCP 443

4

Required: This URL is the Office Licensing Service, which is used during activation and subscription maintenance

Office client only | Local system

ols.officeapps.live.com

Microsoft & Akamai

No

Office 365 ProPlus IP Ranges and CDN IP addresses not provided.

TCP 443

5

Required: Required for redirection services during initial Office activation and Office license heartbeat.

Office client only | Local system

office15client.microsoft.com

Microsoft & Akamai

No

Office 365 ProPlus IP Ranges and CDN IP addresses not provided.

TCP 443

6

Required: Required to authenticate the users identity (Org Id) during initial Office entitlement check. After initial activation, not used unless re-entitlement check is required.

Office client only | Logged on user

clientconfig.microsoftonline-p.net

login.windows.net

login.microsoftonline.com

No

Yes

Authentication and Identity IP ranges

TCP 443

6

Required: Contains Office 365 ProPlus source media used for installation and/or updates. If automatic updates are configured in the default settings, the local system account is used when downloading updates.

Office client only | Logged on user

officecdn.microsoft.com

Microsoft & Akamai

No

N/A

TCP 80

7

Required: This URL is used to redirect to web content such as online help and error code information.

Office client only | Logged on user

go.microsoft.com

Microsoft & Akamai

No

N/A

TCP 80

(Back to top | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 portal and identity | Office 365 portal and identity | Yammer | Sway | Planner)

Network card (NIC)

Expand to see the Office 365 ProPlus IP Addresses

Office 365 ProPlus IPv4 Addresses for non-ER available services

13.107.12.51
104.40.234.17
104.210.220.25
191.236.108.93
191.236.157.212

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Office Online

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

Row

Purpose

Source |Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Authentication and identity

See Office 365 authentication and identity

2

Required: Portal and shared

See Office 365 portal and shared

3

Required: Office Online

Client Computer | Logged on user

*.officeapps.live.com

No

Yes

Office Online IP Ranges.

TCP 443

4

Required: Content Delivery Network for Office Web Apps

Client Computer | Logged on user

*.cdn.office.net

Akamai

No

N/A

TCP 443

Note   The wildcard for officeapps.live.com represents a long list of nodes such as excel.officeapps.live.com that are exclusively used for Office Online.

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Network card (NIC)

Expand to see the Office Online IP Addresses

Note: ExpressRoute for Office 365 currently does not support IPv6

Office Web Apps IPv4 Addresses for ER available services

Office Web Apps IPv6 Addresses

23.101.60.234
23.102.157.61
23.103.183.0/26
40.117.226.146
104.41.62.54
104.46.60.252
104.215.194.17
131.253.33.204
131.253.33.205
134.170.27.64/26
134.170.48.0/26
134.170.65.64/26
134.170.128.192/26
134.170.170.64/26
137.116.172.39
191.232.2.64/26
204.79.197.204
204.79.197.205
2a01:111:f406:8800::/64
2a01:111:f406:400::/64
2a01:111:f406:1c01::/64
2a01:111:f406:9400::/64
2a01:111:f406:2402::/64
2a01:111:f406:a804::/64 
2a01:111:f406:b401::/64
2620:1ec:c11::204
2a01:111:202c::204
2620:1ec:c11::205
2a01:111:202c::205

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Sway

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Authentication and identity

See Office 365 authentication and identity

2

Required: Portal and shared

See Office 365 portal and shared

3

Required: Sway

Client Computer | Logged on user

sway.com

www.sway.com

eus-www.sway.com

eus-000.www.sway.com

eus-001.www.sway.com

eus-002.www.sway.com

eus-003.www.sway.com

eus-004.www.sway.com

eus-005.www.sway.com

eus-006.www.sway.com

eus-007.www.sway.com

eus-008.www.sway.com

eus-009.www.sway.com

eus-00a.www.sway.com

eus-00b.www.sway.com

eus-00c.www.sway.com

eus-00d.www.sway.com

eus-00e.www.sway.com

wus-www.sway.com

wus-000.www.sway.com

wus-001.www.sway.com

wus-002.www.sway.com

wus-003.www.sway.com

wus-004.www.sway.com

wus-005.www.sway.com

wus-006.www.sway.com

wus-007.www.sway.com

wus-008.www.sway.com

wus-009.www.sway.com

wus-00a.www.sway.com

wus-00b.www.sway.com

wus-00c.www.sway.com

wus-00d.www.sway.com

wus-00e.www.sway.com

No

No

Sway IP Ranges.

TCP 443

4

Required: Sway

Client Computer | Logged on user

eus-www.sway-cdn.com

wus-www.sway-cdn.com

eus-www.sway-extensions.com

wus-www.sway-extensions.com

Akamai

No

N/A

TCP 443

5

Optional: Sway website analytics

Client Computer | Logged on user

c.microsoft.com c1.microsoft.com

prod.msocdn.com

www.google-analytics.com

No

No

N/A

TCP 443

6

Optional: Sway third party content

Client Computer | Logged on user

Access to third party content such as Bing, Flickr, and so on.

No

No

N/A

TCP 443

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Network card (NIC)

Expand to see the Sway IP Addresses

Sway IPv4 Addresses for non-ER available services

40.76.22.51
40.76.30.255
40.76.213.143
40.76.216.125
40.76.221.181
40.76.222.175
40.83.185.108
40.114.8.214
40.114.14.121
40.114.15.142
40.114.45.182
40.114.40.12
40.114.51.204
40.114.51.239
40.118.210.94
40.112.188.120
40.118.131.134
40.118.135.86
40.118.131.27
40.118.209.10
104.41.155.129
104.210.43.160
137.135.51.71
137.135.52.204
138.91.155.70
138.91.159.117
138.91.160.172
138.91.245.66

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Planner

To use this application, you must be able to connect to the endpoints described below. To see the IP addresses, expand the IP address section below the table describing the traffic flow.

Row

Purpose

Source | Credentials

Destination

CDN

ExpressRoute for Office 365

Destination IP

Destination Port

1

Required: Authentication and identity

See Office 365 authentication and identity

2

Required: Portal and shared

See Office 365 portal and shared

3

Required: Planner

Browser/ authenticated user

tasks.office.com

controls.office.com

cus-000.tasks.osi.office.net

ea-000.tasks.osi.office.net

eus-zzz.tasks.osi.office.net

neu-000.tasks.osi.office.net

sea-000.tasks.osi.office.net

weu-000.tasks.osi.office.net

wus-000.tasks.osi.office.net

www.outlook.com

outlook.office365.com

clientlog.portal.office.com

No

No

Planner IP Ranges.

TCP 443

4

Required: Planner CDNs

Browser/ authenticated user

ajax.aspnetcdn.com

prod.msocdn.com

Akamai

No

N/A

TCP 443

Network card (NIC)

Expand to see the Planner IP Addresses

Planner IPv4 Addresses for non-ER available services

13.107.5.82
13.107.5.83
13.107.13.82
13.107.13.83
65.52.168.35
137.116.129.218
137.135.177.165
168.61.184.237
168.62.4.34
168.62.60.117
168.63.98.5

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Office for iPad

This is the current list of Office for iPad URLs. If you’re using allow lists to filter iPad connectivity differently than other computers on your network, you can use just this list of URLs to create those allow lists.

Office for iPad URLs

directory.services.live.com
odc.officeapps.live.com
docs.live.net
roaming.officeapps.live.com
nexus.officeapps.live.com
sqm.microsoft.com
watson.telemetry.microsoft.com
login.live.com
wer.microsoft.com         
microsoft-my.sharepoint.com
login.microsoftonline.com
ms.tific.com
msft.sts.microsoft.com
p100-sandbox.itunes.apple.com
signup.live.com
auth.gfx.ms
view.atdmt.com
client.hip.live.com
dc2.client.hip.live.com
c.live.com
go.microsoft.com
office.microsoft.com
officeimg.vo.msecnd.net
m.webtrends.com
account.live.com
c.bing.com
partnerservices.getmicrosoftkey.com
client.hip.live.com
clientconfig.microsoftonline-p.net
cl2.apple.com
sas.office.microsoft.com
foodanddrink.services.appex.bing.com
en-US.appex-rf.msn.com
weather.tile.appex.bing.com

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Office Mobile

This is the current list of Office Mobile URLs. Office Mobile runs on Android devices, Windows Phones, and iPhones. If you’re filtering your mobile connectivity differently than other computers on your network, you can use just this list of URLs to create those allow lists.

Office Mobile URLs

office15client.microsoft.com
odc.officeapps.live.com
go.microsoft.com
login.microsoftonline.com
msft.sts.microsoft.com
odcsm.officeapps.live.com
microsoft-my.sharepoint.com
ms.tific.com
roaming.officeapps.live.com
o15.officeredir.microsoft.com
office.microsoft.com
officeimg.vo.msecnd.net
m.webtrends.com
d.docs.live.net
login.live.com
auth.gfx.ms
wer.microsoft.com
*.appex.bing.com
*.appex-rf.msn.com
appexsin.stb.s-msn.com

(Back to top | Office 365 portal and shared | Office 365 authentication and identity | Exchange Online | Skype for Business Online | SharePoint Online | Exchange Online Protection (EOP) | Office 365 remote analyzer tools | Office 365 ProPlus | Office Online | Yammer | Sway | Planner)

Applies To: Office 365 Admin, Office 2016 for Mac



Was this information helpful?

Yes No

How can we improve it?

255 characters remaining

To protect your privacy, please do not include contact information in your feedback. Review our privacy policy.

Thank you for your feedback!

Change language