Office 365 and Skype for Business Online Firewall Ports


The following are the requirements for Skype for Business Online; note that this information can change as the service evolves. These apply from the client's machine to Office 365:

| Destination Port | Protocol | Client Usage | Direction |
|---|---|---|---|
| 443 | TCP | SIP Signalling | Outbound |
| 443 | TCP | Audio, Video, Application sharing sessions and Web Conferencing | Outbound |
| 3478, 3479, 3480, 3481 | UDP | Audio and Video Sessions | Outbound |
| 5223 | TCP | Skype for Business Mobile push notifications – iOS Only | Outbound |
| 50000 TO 59999 INCLUSIVE | RTC/UDP/TCP | Audio and Video Sessions | Outbound |
| 50000 TO 59999 INCLUSIVE | TCP | Application Sharing and File Transfer | Outbound |

The following are the URLs that the SfB Online client uses to reach the SfB Online servers. If the traffic goes through internet proxies and you are having issues, these URLs will be helpful:

*.lync.com
crl.microsoft.com
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
sa.symcb.com
sd.symcb.com
config.edge.skype.com
pipe.skype.com
s-0001.s-msedge.net
s-0004.s-msedge.net
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com
*.cqd.lync.com
*.infra.lync.com
*.online.lync.com
*.resources.lync.com
*.config.skype.com
*.skypeforbusiness.com
*.pipe.aria.microsoft.com
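
An added example (not from the original post) for the proxy-troubleshooting case above: it checks denied proxy requests against the hostnames listed here so that blocked SfB Online endpoints stand out. The log format, sample lines and function names are assumptions, as is the reading of a leading *. as "any subdomain at any depth"; proxy products differ on this.

```python
import re

# Hostname entries copied from the Skype for Business Online list on this page.
SFB_ALLOWLIST = [
    "*.lync.com", "crl.microsoft.com", "evsecure-ocsp.verisign.com",
    "evsecure-aia.verisign.com", "evsecure-crl.verisign.com", "sa.symcb.com",
    "sd.symcb.com", "config.edge.skype.com", "pipe.skype.com",
    "s-0001.s-msedge.net", "s-0004.s-msedge.net", "*.omniroot.com",
    "*.verisign.com", "*.symcb.com", "*.symcd.com", "*.verisign.net",
    "*.geotrust.com", "*.entrust.net", "*.public-trust.com", "*.cqd.lync.com",
    "*.infra.lync.com", "*.online.lync.com", "*.resources.lync.com",
    "*.config.skype.com", "*.skypeforbusiness.com", "*.pipe.aria.microsoft.com",
]

def matching_entry(host):
    """Return the first allowlist entry that covers host, or None."""
    host = host.lower().rstrip(".")
    for entry in SFB_ALLOWLIST:
        if entry.startswith("*."):
            suffix = entry[1:]  # ".lync.com": the leading dot enforces a label boundary
            if host.endswith(suffix) and len(host) > len(suffix):
                return entry
        elif host == entry:
            return entry
    return None

# Assumed log format: "<timestamp> <ALLOWED|DENIED> CONNECT <host>:<port>"
LINE_RE = re.compile(r"^\S+ (ALLOWED|DENIED) CONNECT ([^\s:]+):(\d+)$")

def triage_denials(lines):
    """Split DENIED requests into (listed SfB endpoints, everything else)."""
    required, other = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(1) == "DENIED":
            host, port = m.group(2).lower(), int(m.group(3))
            entry = matching_entry(host)
            (required if entry else other).append((host, port, entry))
    return required, other

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2024-05-01T09:00:01Z DENIED CONNECT webdir.online.lync.com:443",
    "2024-05-01T09:00:02Z ALLOWED CONNECT pipe.skype.com:443",
    "2024-05-01T09:00:03Z DENIED CONNECT lync.com.example.net:443",
    "2024-05-01T09:00:04Z DENIED CONNECT notlync.com:443",
    "2024-05-01T09:00:05Z DENIED CONNECT CRL.Microsoft.com:80",
]
if __name__ == "__main__":
    print(triage_denials(SAMPLE_LOG))
```

The two constructed hosts that only resemble lync.com land in the second list because the match requires a full label boundary, which is the check a plain substring or suffix comparison would miss.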

Is there a minimum client version required to benefit from the port changes?

This change applies to all clients supported against Skype for Business Online. No clients are excluded and there is no specific minimum version required.

So which ports are required for clients?

All clients need to be able to directly connect to Skype for Business Online on the following destination ports:

TCP: 80, 443
UDP: 3478, 3479, 3480, 3481
Optional: UDP/TCP 50,000-59,999

Office 365

The following are the baseline firewall ports and URLs required to consume Office 365. The following will detail the other services:

Default ports are 80, 443, 25 (for any client mail routing outside of Exchange this would also require 587) and 49443 if ADFS is being used with ClientTLS.

The main URLs for the proxy are as follows:

*.office.com
*.office365.com
*.office.net
*.microsoftonline.com
*.microsoft.com
*.live.com
*.windows.net
*.microsoftonline-p.com
*.microsoftonline-p.net
*.microsoftonlineimages.com
*.msecnd.net
*.msocdn.com
*.onmicrosoft.com
*.activedirectory.windowsazure.com
*.phonefactor.net
*.aadrm.com – optional Azure Rights Management
*.azurerms.com – optional Azure Rights Management
*.cloudapp.net – optional Azure Rights Management & MOM Pack
dc.services.visualstudio.com – optional Azure AD RemoteApp
liverdcxstorage.blob.core.windowsazure.com – optional Azure AD RemoteApp
telemetry.remoteapp.windowsazure.com – optional Azure AD RemoteApp
vortex.data.microsoft.com – optional Azure AD RemoteApp
http://www.remoteapp.windowsazure.com – optional Azure AD RemoteApp
ADFS Name – if using ADFS